SQL Injection Vulnerability in Milesight VPN by Milesight
CVE-2023-22319

7.3HIGH

Key Information:

Vendor: Milesight
Status: Milesightvpn
Vendor: CVE Published:; 6 July 2023

What is CVE-2023-22319?

A SQL injection vulnerability exists within the LoginAuth functionality of Milesight VPN v2.0.2, specifically in requestHandlers.js. By crafting a malicious network request, an attacker can exploit this flaw, potentially bypassing authentication mechanisms. This vulnerability highlights the critical importance of robust input validation and security measures in network applications.

Affected Version(s)

MilesightVPN v2.0.2

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Jan 20, 2023

Credit

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2023-22319 Data

JSON