An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2023-07-17T06:14:32.851Z
Updated: 2024-08-02T06:33:05.394Z
Reserved: 2023-05-17T14:21:50.584Z
Link: CVE-2023-2760
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-17T07:15:08.953
Modified: 2023-08-09T11:15:10.280
Link: CVE-2023-2760
Redhat
No data.