CVE-2023-3621

MEDIUM

IBOS OA 4.5.5 - SQL Injection via Delete Packet createDeleteCommand Function

Title source: llm
STIX 2.1

Description

A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is the function createDeleteCommand of the file ?r=article/default/delete of the component Delete Packet. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References (3)

Core 3
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.233574
Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.233574

Scores

CVSS v3 6.3
EPSS 0.0065
EPSS Percentile 46.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-89
Status published
Products (1)
ibos/ibos 4.5.5
Published Jul 11, 2023
Tracked Since Feb 18, 2026