CVE-2023-48645
HIGHArchibus 4.0.3 - SQL Injection in Maintenance Module Search Feature
Title source: llmDescription
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.
References (2)
Core 2
Core References
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-48645
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/CVE-2023-48645
Scores
CVSS v3
7.8
EPSS
0.0022
EPSS Percentile
12.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
eptura/archibus
4.0.3
Published
Feb 02, 2024
Tracked Since
Feb 18, 2026