CVE-2023-7188

A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-249390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 5.0 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 3.2 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://note.zhaoj.in/share/az24SaQJn1UQ	Broken Link
https://vuldb.com/?ctiid.249390	Third Party Advisory
https://vuldb.com/?id.249390	Third Party Advisory
https://note.zhaoj.in/share/az24SaQJn1UQ	Broken Link
https://vuldb.com/?ctiid.249390	Third Party Advisory
https://vuldb.com/?id.249390	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fahuo100:fahuo100:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:45

Type	Values Removed	Values Added
CVSS	v2 : ~~4.3~~ v3 : ~~8.1~~	v2 : 4.3 v3 : 5.0
References	~~() https://note.zhaoj.in/share/az24SaQJn1UQ - Broken Link~~	() https://note.zhaoj.in/share/az24SaQJn1UQ - Broken Link
References	~~() https://vuldb.com/?ctiid.249390 - Third Party Advisory~~	() https://vuldb.com/?ctiid.249390 - Third Party Advisory
References	~~() https://vuldb.com/?id.249390 - Third Party Advisory~~	() https://vuldb.com/?id.249390 - Third Party Advisory

05 Jan 2024, 22:19

Type	Values Removed	Values Added
First Time		Fahuo100 Fahuo100 fahuo100
CVSS	v2 : ~~4.3~~ v3 : ~~5.0~~	v2 : 4.3 v3 : 8.1
Summary		(es) Una vulnerabilidad ha sido encontrada en Shipping 100 Fahuo100 hasta 1.1 y clasificada como crítica. Una función desconocida del archivo member/login.php es afectada por esta vulnerabilidad. La manipulación del argumento M_pwd conduce a la inyección de SQL. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es difícil. La explotación ha sido divulgada al público y puede utilizarse. VDB-249390 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente al proveedor sobre esta divulgación, pero no respondió de ninguna forma.
CPE		cpe:2.3:a:fahuo100:fahuo100::::::::
References	~~() https://note.zhaoj.in/share/az24SaQJn1UQ -~~	() https://note.zhaoj.in/share/az24SaQJn1UQ - Broken Link
References	~~() https://vuldb.com/?ctiid.249390 -~~	() https://vuldb.com/?ctiid.249390 - Third Party Advisory
References	~~() https://vuldb.com/?id.249390 -~~	() https://vuldb.com/?id.249390 - Third Party Advisory

31 Dec 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-31 15:15

Updated : 2024-11-21 08:45

NVD link : CVE-2023-7188

Mitre link : CVE-2023-7188

CVE.ORG link : CVE-2023-7188

JSON object : View

Products Affected

fahuo100

fahuo100

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

5.0 /10