CVE-2023-27610
MEDIUMTransbank Webpay REST <= 1.6.6 - Authenticated SQL Injection
Title source: llmDescription
Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelopers Transbank Webpay REST plugin <= 1.6.6 versions.
References (1)
Core 1
Core References
Scores
CVSS v3
5.5
EPSS
0.0069
EPSS Percentile
48.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (2)
transbank/transbank_webpay_rest
< 1.6.6
TransbankDevelopers/Transbank Webpay REST
< 1.6.6
Published
Apr 16, 2023
Tracked Since
Feb 18, 2026