admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2023/28xxx/CVE-2023-28701.json

95 lines
2.9 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2023-03-21 11:00:50 +00:00
{
"CVE_data_meta": {
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604
2023-06-02 18:00:55 +08:00
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2023-05-30T08:59:00.000Z",
"-Synchronized-Data."
2023-03-21 11:00:50 +00:00
"ID": "CVE-2023-28701",
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604
2023-06-02 18:00:55 +08:00
"STATE": "PUBLIC",
"TITLE": "ELITE Web Fax - SQL Injection"
"-Synchronized-Data."
2023-03-21 11:00:50 +00:00
},
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604
2023-06-02 18:00:55 +08:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Fax",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "ELITE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Huang Yu Ze (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2023-03-21 11:00:50 +00:00
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2023-06-02 11:00:44 +00:00
"value": "ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service."
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604
2023-06-02 18:00:55 +08:00
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
"-Synchronized-Data."
2023-03-21 11:00:50 +00:00
}
]
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604
2023-06-02 18:00:55 +08:00
},
"references": {
"reference_data": [
{
"-Synchronized-Data."
2023-06-02 11:00:44 +00:00
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-7145-1a0d4-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-7145-1a0d4-1.html"
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604
2023-06-02 18:00:55 +08:00
}
]
},
"source": {
"advisory": "TVN-202305003",
"discovery": "EXTERNAL"
"-Synchronized-Data."
2023-03-21 11:00:50 +00:00
}
}
Reference in New Issue Copy Permalink