VYPR
Unrated severityNVD Advisory· Published Jul 20, 2023· Updated Aug 2, 2024

IBOS OA Mobile Notification edit actionEdit sql injection

CVE-2023-3801

Description

A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

2
  • Cnoa/Oallm-fuzzy
    Range: =4.5.5
  • IBOS/OAv5
    Range: 4.5.5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.