CVE-2023-35683

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2017-20195

MEDIUM
CVSS:5.5(Medium)

A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The man...

CWE-892017

CVE-2018-9493

MEDIUM
CVSS:5.5(Medium)

In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privil...

CWE-892018

CVE-2019-19850

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injec...

CWE-892019

CVE-2019-2196

MEDIUM
CVSS:5.5(Medium)

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P...

CWE-892019

CVE-2019-2198

MEDIUM
CVSS:5.5(Medium)

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed fo...

CWE-892019

CVE-2020-0344

MEDIUM
CVSS:5.5(Medium)

In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n...

CWE-892020