CVE-2023-39853

MEDIUM

Dzzoffice 2.01 - SQL Injection via Network Disk Backend doobj and doevent Parameters

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0074
EPSS Percentile 50.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
dzzoffice/dzzoffice 2.01
Published Jan 06, 2024
Tracked Since Feb 18, 2026