CVE-2023-24788
NotrinosERP vulnerable to SQL Injection
HIGH 8.8 | EPSS 0.87%
Published: 3/23/2023 | Modified: 11/8/2023
Also known as: GHSA-4pqp-69m3-f8pp
Description
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at `/NotrinosERP/sales/customer_delivery.php`.
Affected packages (1)
- Packagist/notrinos/notrinos-erp: from 0, <= 0.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-24788
- PATCH: https://github.com/notrinos/NotrinosERP
- WEB: http://packetstormsecurity.com/files/171804/NotrinosERP-0.7-SQL-Injection.html
- WEB: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md
- WEB: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py
- WEB: https://github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md