CVE-2023-45860

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

Related Vulnerabilities

CVE-2015-6004

MEDIUM
CVSS:6.5(Medium)

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.as...

CWE-892015

CVE-2015-6433

MEDIUM
CVSS:6.5(Medium)

SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.

CWE-892015

CVE-2016-1308

MEDIUM
CVSS:6.5(Medium)

SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.

CWE-892016

CVE-2016-1437

MEDIUM
CVSS:6.5(Medium)

SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID ...

CWE-892016

CVE-2016-2950

MEDIUM
CVSS:6.5(Medium)

SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CWE-892016

CVE-2016-5653

MEDIUM
CVSS:6.5(Medium)

Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.

CWE-892016