CVE-2023-4741

MEDIUM

IBOS OA 4.5.5 - SQL Injection in Delete Logs Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4741. PoCs published by wudidike.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2023-4741, a SQL injection vulnerability in ibos OA v4.5.5. It includes packet capture images, code analysis, and step-by-step exploitation details.

Description

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=diary/default/del of the component Delete Logs Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-238630 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

nomisec WRITEUP

by wudidike · poc

https://github.com/wudidike/CVE-2023-4741

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2023-4741, a SQL injection vulnerability in ibos OA v4.5.5. It includes packet capture images, code analysis, and step-by-step exploitation details.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: ibos OA v4.5.5

Auth required

Prerequisites: Access to the ibos OA application · Valid credentials for authentication

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Permissions Required, Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.238630

Permissions Required, Third Party Advisory, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.238630

Exploit, Third Party Advisory exploit

https://github.com/wudidike/cve/blob/main/sql.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0078

EPSS Percentile 51.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

ibos/ibos 4.5.5

Published Sep 03, 2023

Tracked Since Feb 18, 2026