CVE-2023-48645

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-89
View all →

Vulnerability Description

An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.

Related Vulnerabilities

CVE-2015-4669

HIGH
CVSS:7.8(High)

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

CWE-892015

CVE-2019-12372

HIGH
CVSS:7.8(High)

Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.

CWE-892019

CVE-2019-20573

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685...

CWE-892019

CVE-2019-20574

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August...

CWE-892019

CVE-2019-20591

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July...

CWE-892019

CVE-2019-20592

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (J...

CWE-892019