Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-6885-d679e-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2023-01-31T00:00:00
Updated: 2024-08-02T10:20:31.195Z
Reserved: 2023-01-10T00:00:00
Link: CVE-2023-22900
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-31T08:15:08.323
Modified: 2024-11-21T07:45:36.863
Link: CVE-2023-22900
Redhat
No data.