CVE-2023-0620

MEDIUM Year: 2023
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.

Related Vulnerabilities

CVE-2020-3184

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected s...

CWE-892020

CVE-2022-0362

MEDIUM
CVSS:6.7(Medium)

SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.

CWE-892022

CVE-2023-1578

MEDIUM
CVSS:6.7(Medium)

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.

CWE-892023

CVE-2023-46806

MEDIUM
CVSS:6.7(Medium)

An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

CWE-892023

CVE-2023-46807

MEDIUM
CVSS:6.7(Medium)

An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

CWE-892023

CVE-2024-39843

MEDIUM
CVSS:6.7(Medium)

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.

CWE-892024