CVE-2023-45800

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://hanbiro.com/	Product
https://hanbiro.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:hanbiro:groupware:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:27

Type	Values Removed	Values Added
References	~~() https://hanbiro.com/ - Product~~	() https://hanbiro.com/ - Product

15 Dec 2023, 18:50

Type	Values Removed	Values Added
CWE		CWE-89
References	~~() https://hanbiro.com/ -~~	() https://hanbiro.com/ - Product
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:hanbiro:groupware::::::::

13 Dec 2023, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-13 02:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45800

Mitre link : CVE-2023-45800

CVE.ORG link : CVE-2023-45800

JSON object : View

Products Affected

hanbiro

groupware

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-45800", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-13T02:15:07.323", "references": [{"url": "https://hanbiro.com/", "tags": ["Product"], "source": "vuln@krcert.or.kr"}, {"url": "https://hanbiro.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vuln@krcert.or.kr", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.\n\n"}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en el software colaborativo Hanbiro Hanbiro permite la obtenci\u00f3n de informaci\u00f3n. Este problema afecta al software colaborativo Hanbiro: desde V3.8.79 antes de V3.8.81.1."}], "lastModified": "2024-11-21T08:27:22.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hanbiro:groupware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A78D52F3-B19F-4BBD-9EE1-613EF89C79F0", "versionEndExcluding": "3.8.81.1", "versionStartIncluding": "3.8.79"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@krcert.or.kr"}