Bylancer QuickAI OpenAI GET Parameter blog sql injection
CVE-2023-3686

9.8CRITICAL

Key Information:

Vendor: Bylancer
Status: QuickAI OpenAI
Vendor: CVE Published:; 16 July 2023

What is CVE-2023-3686?

The Bylancer QuickAI OpenAI version 3.8.1 contains a significant vulnerability stemming from improper handling of GET parameters in the component responsible for processing requests. Specifically, an attacker can exploit this weakness by manipulating the 's' argument, allowing unauthorized access to the database. This type of SQL injection poses serious risks, as it enables attackers to execute arbitrary SQL commands, potentially leading to data breaches, data manipulation, or unauthorized control over the affected system.

Affected Version(s)

QuickAI OpenAI 3.8.1

References

https://vuldb.com/?id.234232

vdb-entrytechnical-description

https://vuldb.com/?ctiid.234232

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2023
Vulnerability Reserved
Jul 15, 2023

Credit

skalvin (VulDB User)

CVE-2023-3686 Data

JSON