CVE-2023-52096

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-89
View all →

Vulnerability Description

SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records.

Related Vulnerabilities

CVE-2007-10001

HIGH
CVSS:7.5(High)

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is...

CWE-892007

CVE-2016-10556

HIGH
CVSS:7.5(High)

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsof...

CWE-892016

CVE-2016-20018

HIGH
CVSS:7.5(High)

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.

CWE-892016

CVE-2016-6419

HIGH
CVSS:7.5(High)

SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485...

CWE-892016

CVE-2016-6616

HIGH
CVSS:7.5(High)

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6...

CWE-892016

CVE-2016-7508

HIGH
CVSS:7.5(High)

Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 ...

CWE-892016