DedeBIZ sys_sql_query.php sql injection
CVE-2023-3839

7.2HIGH

Key Information:

Vendor

Dedebiz

Status
DedeBIZ
Vendor
CVE Published:
23 July 2023

What is CVE-2023-3839?

A SQL injection vulnerability has been identified in the DedeBIZ 6.2.10 application, specifically within the /admin/sys_sql_query.php file. This vulnerability allows attackers to manipulate the 'sqlquery' parameter, potentially leading to unauthorized access to sensitive data. Although the attack can be launched remotely, it is important to note that the complexity of executing this attack is relatively high, making it challenging for potential exploiters. The issue has been made public, raising concerns for users of the affected version. Despite attempts to notify the vendor regarding this risk, no response has been received.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DedeBIZ 6.2.10

References

https://vuldb.com/?id.235190
vdb-entrytechnical-description
https://vuldb.com/?ctiid.235190
signaturepermissions-required
https://github.com/TXPH/CVE/blob/main/sqli-report.pdf
broken-linkexploit

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TXPH (VulDB User)
JSON
.