cve/2023/CVE-2023-39423.md

### [CVE-2023-39423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39423)
![](https://img.shields.io/static/v1?label=Product&message=IRM%20Next%20Generation&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%205.3.2.15%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)

### Description

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs,  among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.

### POC

#### Reference
- https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained

#### Github
No PoCs found on GitHub currently.