CVE-2023-48645

HIGH

Archibus 4.0.3 - SQL Injection in Maintenance Module Search Feature

Title source: llm
STIX 2.1

Description

An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 12.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
eptura/archibus 4.0.3
Published Feb 02, 2024
Tracked Since Feb 18, 2026