SQL Injection in VisualCounter I.Stats

Posted date 14/11/2023
Importance
5 - Critical
Affected Resources

VisualCounter I.Stats, version 7.3.

Description

INCIBE has coordinated the publication of one vulnerability affecting VisualCounter I.Stats, a tool for statistical management of customer flow data in commercial areas. The vulnerability was discovered by Ignacio García Mestre (Br4v3n).

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-5518: CVSS v3.1: 9.8 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89.

Solution

There is no solution reported at the moment.

Detail

  • CVE-2023-5518: a SQL injection vulnerability has been found in VisualCounter, affecting version 7.3 of the I.Stats application. It allows a remote user to retrieve sensitive data stored in the database by sending a specially crafted query to the login parameters.