Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
History

Thu, 19 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-10-04T11:05:05.352Z

Updated: 2024-09-19T19:21:21.060Z

Reserved: 2023-08-01T08:30:55.968Z

Link: CVE-2023-4037

cve-icon Vulnrichment

Updated: 2024-08-02T07:17:12.026Z

cve-icon NVD

Status : Modified

Published: 2023-10-04T12:15:10.733

Modified: 2024-11-21T08:34:16.473

Link: CVE-2023-4037

cve-icon Redhat

No data.