CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
Configurations

Configuration 1

cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*

History

21 Nov 2024, 08:29

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022 - Third Party Advisory | () https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022 - Third Party Advisory |

13 Feb 2024, 18:14

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Ncr; Ncr terminal Handler |
| References | () https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022 - | () https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022 - Third Party Advisory |
| CPE | | cpe:2.3:a:ncr:terminal_handler:1.5.1:\*:\*:\*:\*:\*:\*:\* |
| CWE | | CWE-1236; CWE-639 |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 6.5 |

08 Feb 2024, 22:15

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the payload parameter. | (en) Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. |

08 Feb 2024, 21:15

Type Values Removed Values Added
References
  • {'url': 'https://docs.google.com/document/d/15s7NftTX2dxfcFnMqkFIyeN48xq3LceesWOhP-9xL4Y/edit?usp=sharing', 'source': 'cve@mitre.org'}

06 Feb 2024, 13:53

Type Values Removed Values Added
Summary
  • (es) An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script in the payload parameter.

06 Feb 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-06 01:15

Updated : 2024-11-21 08:29


NVD link : CVE-2023-47022

Mitre link : CVE-2023-47022

CVE.ORG link : CVE-2023-47022



Products Affected

ncr

  • terminal_handler
CWE
CWE-639

Authorization Bypass Through User-Controlled Key

CWE-1236

Improper Neutralization of Formula Elements in a CSV File