CVE-2023-25615

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.

Related Vulnerabilities

CVE-2017-14600

MEDIUM
CVSS:4.9(Medium)

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.

CWE-892017

CVE-2017-14601

MEDIUM
CVSS:4.9(Medium)

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.

CWE-892017

CVE-2017-17822

MEDIUM
CVSS:4.9(Medium)

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQ...

CWE-892017

CVE-2017-17823

MEDIUM
CVSS:4.9(Medium)

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connec...

CWE-892017

CVE-2017-17824

MEDIUM
CVSS:4.9(Medium)

The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the d...

CWE-892017

CVE-2017-3886

MEDIUM
CVSS:4.9(Medium)

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, ...

CWE-892017