CVE-2023-31433

HIGH

Logbuch <8.2.2286, <9.0.2401 - SQL Injection

Title source: llm

Description

A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter.

Exploits (1)

nomisec WRITEUP 1 stars

by trustcves · poc

https://github.com/trustcves/CVE-2023-31433

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://cves.at/posts/cve-2023-31433/writeup/

Scores

CVSS v3 8.8

EPSS 0.0048

EPSS Percentile 65.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (2)

evasys/evasys 8.2

evasys/evasys 9.0

Published May 02, 2023

Tracked Since Feb 18, 2026