CVE-2023-24788
HIGH 8.8
EPSS 0.87%
NotrinosERP vulnerable to SQL Injection
Published: 2023/3/23
Modified: 2023/11/8
Description
NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at `/NotrinosERP/sales/customer_delivery.php`.
Affected packages (1)
- Packagist/notrinos/notrinos-erp from 0, <= 0.7
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-24788
- PATCH https://github.com/notrinos/NotrinosERP
- WEB http://packetstormsecurity.com/files/171804/NotrinosERP-0.7-SQL-Injection.html
- WEB https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md
- WEB https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py
- WEB https://github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md