{ "id": "CVE-2023-34635", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-31T14:15:10.273", "lastModified": "2023-08-04T18:52:54.603", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-89" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:wifi-soft:unibox_administration:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "53455FE6-C75A-4A74-91C6-46D2112B8EDE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:wifi-soft:unibox_administration:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "358B7BEA-F624-4679-821E-D300DDAB1449" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/173669/Wifi-Soft-Unibox-Administration-3.0-3.1-SQL-Injection.html", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "https://www.exploit-db.com/exploits/51610", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }