CVE-2023-50743

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-50743
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://fluidattacks.com/advisories/perahia/ Exploit Third Party Advisory
https://www.kashipara.com/ Product
https://fluidattacks.com/advisories/perahia/ Exploit Third Party Advisory
https://www.kashipara.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:kashipara:online_notice_board_system:1.0:*:*:*:*:*:*:*
History

21 Nov 2024, 08:37

Type Values Removed Values Added
References () https://fluidattacks.com/advisories/perahia/ - Exploit, Third Party Advisory () https://fluidattacks.com/advisories/perahia/ - Exploit, Third Party Advisory
References () https://www.kashipara.com/ - Product () https://www.kashipara.com/ - Product

10 Jan 2024, 01:13

Type Values Removed Values Added
Summary
  • (es) Online Notice Board System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'dd' del recurso registration.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos.
References () https://fluidattacks.com/advisories/perahia/ - () https://fluidattacks.com/advisories/perahia/ - Exploit, Third Party Advisory
References () https://www.kashipara.com/ - () https://www.kashipara.com/ - Product
CPE cpe:2.3:a:kashipara:online_notice_board_system:1.0:*:*:*:*:*:*:*
First Time Kashipara online Notice Board System
Kashipara

04 Jan 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-04 14:15

Updated : 2024-11-21 08:37

NVD link : CVE-2023-50743

Mitre link : CVE-2023-50743

CVE.ORG link : CVE-2023-50743

JSON object : View

Products Affected

kashipara

  • online_notice_board_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')