Multiple vulnerabilities in SQL Buddy

Posted date 20/11/2023

Importance

3 - Medium

Affected Resources

SQL Buddy, 1.3.3 version

Description

INCIBE has coordinated the publication of 6 vulnerabilities that affect SQL Buddy, which have been discovered by Rafael Pedrero.

All vulnerabilities have been assigned the following base score CVSS v3.1, CVSS vector and CWE vulnerability type.

CVSS v3.1: 6.1 | CVSS: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79.

Solution

There is no reported solution at this time.

Detail

CVE-2023-4786: XSS reflected through /dboverview.php (GET and POST methods) which affects the "db"parameter.
CVE-2023-4787: XSS reflected through /export.php (GET and POST methods) which affects the "OUTPUTFILETEXT" parameter.
CVE-2023-4788: XSS reflected through /insert.php (GET and POST methods) which affects the "table" parameter.
CVE-2023-4789: XSS reflected through /login.php (GET and POST methods) which affects the "HOST" parameter.
CVE-2023-4790: XSS reflected through /query.php (GET and POST methods) which affects the "db" parameter.
CVE-2023-4791: XSS reflected through /users.php (GET and POST methods) which affects the "NEWNAME" parameter.

Exploitation of these vulnerabilities could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and retrieve their session details.

References list

Product Sheet - SQL Buddy

Etiquetas