How severe is CVE-2023-2760?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2023-2760?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2023-2760 - HIGH Severity | CVSS 7.6

Vulnerability Description

An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.

Related Vulnerabilities

CVE-2016-8928

HIGH

CVSS:7.6(High)

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ...

CWE-892016

CVE-2016-8930

HIGH

CVSS:7.6(High)

CWE-892016

CVE-2019-19094

HIGH

CVSS:7.6(High)

Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.

CWE-892019

CVE-2019-4481

HIGH

CVSS:7.6(High)

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which...

CWE-892019

CVE-2019-4483

HIGH

CVSS:7.6(High)

CWE-892019

CVE-2019-4752

HIGH

CVSS:7.6(High)

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL st...

CWE-892019