CVE-2023-45674

HIGH

Farmbot Web App < 15.8.4 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.

References (1)

Core 1

Scores

CVSS v3 7.7
EPSS 0.0050
EPSS Percentile 39.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
farmbot/farmbot_web_app < 15.8.4
Published Oct 14, 2023
Tracked Since Feb 18, 2026