Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-10-04T11:05:05.352Z
Updated: 2024-09-19T19:21:21.060Z
Reserved: 2023-08-01T08:30:55.968Z
Link: CVE-2023-4037
Vulnrichment
Updated: 2024-08-02T07:17:12.026Z
NVD
Status : Modified
Published: 2023-10-04T12:15:10.733
Modified: 2024-11-21T08:34:16.473
Link: CVE-2023-4037
Redhat
No data.