ID |
CVE-2023-7186
|
Sažetak |
A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
Reference |
|
CVSS |
Base: | 5.2 |
Impact: | 6.4 |
Exploitability: | 5.1 |
|
Pristup |
Vektor | Složenost | Autentikacija |
ADJACENT_NETWORK |
LOW |
SINGLE |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
PARTIAL |
PARTIAL |
PARTIAL |
|
CVSS vektor |
AV:A/AC:L/Au:S/C:P/I:P/A:P |
Zadnje važnije ažuriranje |
13-02-2024 - 08:16 |
Objavljeno |
31-12-2023 - 13:15 |