Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Multiple vulnerabilities in SQL Buddy

Posted date 20/11/2023
Identificador
INCIBE-2023-0509
Importance
3 - Medium
Affected Resources
  • SQL Buddy, 1.3.3 version
Description

INCIBE has coordinated the publication of 6 vulnerabilities that affect SQL Buddy, which have been discovered by Rafael Pedrero.

All vulnerabilities have been assigned the following base score CVSS v3.1, CVSS vector and CWE vulnerability type.

  • CVSS v3.1: 6.1 | CVSS: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79.
Solution

There is no reported solution at this time.

Detail
  • CVE-2023-4786: XSS reflected through /dboverview.php (GET and POST methods) which affects the "db"parameter.
  • CVE-2023-4787: XSS reflected through /export.php (GET and POST methods) which affects the "OUTPUTFILETEXT" parameter.
  • CVE-2023-4788: XSS reflected through /insert.php (GET and POST methods) which affects the "table" parameter.
  • CVE-2023-4789: XSS reflected through /login.php (GET and  POST methods) which affects the "HOST" parameter.
  • CVE-2023-4790: XSS reflected through /query.php (GET and POST methods) which affects the "db" parameter.
  • CVE-2023-4791: XSS reflected through /users.php (GET and POST methods) which affects the "NEWNAME" parameter.

Exploitation of these vulnerabilities could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and retrieve their session details.

References list
Product Sheet - SQL Buddy
Etiquetas