CVE-2023-45674 Vulnerability Details

  /     /     /  

CVE-2023-45674 Metadata Quick Info

CVE Published: 13/10/2023 | CVE Updated: 16/09/2024 | CVE Year: 2023
Source: GitHub_M | Vendor: FarmBot | Product: Farmbot-Web-App
Status : PUBLISHED

CVE-2023-45674 Description

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot\'s web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.

Metrics

CVSS Version: 3.1 | Base Score: 7.7 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-89
CWE Name: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ( SQL Injection )
Source: FarmBot

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).