cve/CVE-2023-34110.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.

POC

Reference

No PoCs from references.

Github

https://github.com/msegoviag/discovered-vulnerabilities
https://github.com/msegoviag/msegoviag

1.1 KiB Raw Blame History

CVE-2023-34110

Description

POC

Reference

Github

1.1 KiB

Raw Blame History