CVE-2023-2212
Published 2023-04-21
CVE-2023-2212: A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file…
Priority: P3 | 44 | high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 0.61% (44.5th percentile)
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| campcodes | coffee_shop_pos_system | — | — |
| coffee_shop_pos_system_project | coffee_shop_pos_system | — | — |
| linux | linux_kernel | >= 3.15.0 < 5.10.218 | 5.10.218 |
| linux | linux_kernel | >= 5.11.0 < 5.15.160 | 5.15.160 |
| linux | linux_kernel | >= 5.16.0 < 6.1.24 | 6.1.24 |
| linux | linux_kernel | >= 6.2.0 < 6.2.11 | 6.2.11 |
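CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 4.7 | MEDIUM | — |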
OSV
netlink: annotate lockless accesses to nlk->max_recvmsg_len
osv·2025-12-09
CVE-2023-53824 netlink: annotate lockless accesses to nlk->max_recvmsg_len
In the Linux kernel, the following vulnerability has been resolved:
netlink: annotate lockless accesses to nlk->max_recvmsg_len
syzbot reported a data-race in netlink_recvmsg() [1]
Indeed, netlink_recvmsg() can be run concurrently,
and netlink_dump() also needs protection.
[1]
BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg
read to 0xffff888141840b38 of 8 bytes by task 23057 on cpu 0:
netlink_recvmsg+0xea/0x730 net/netlink/af_netlink.c:1988
sock_recvmsg_nosec net/socket.c:1017 [inline]
sock_recvmsg net/socket.c:1038 [inline]
__sys_recvfrom+0x1ee/0x2e0 net/socket.c:2194
__do_sys_recvfrom net/socket.c:2212 [inline]
__se_sys_recvfrom net/socket.c:2208 [inline]
__x64_sys_recvfrom+0x78/0x90 net/socket.c:22
GHSA
GHSA-9p35-f7r2-9pgp: A vulnerability was found in Campcodes Coffee Shop POS System 1
ghsa_unreviewed·2023-04-21
CVE-2023-2212 [MEDIUM] CWE-89 GHSA-9p35-f7r2-9pgp: A vulnerability was found in Campcodes Coffee Shop POS System 1
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability.
Citrix
Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
vendor_citrix·CVSS 7.8
CVE-2023-24483 [HIGH] CWE-269 Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
CVE-2023-24483: Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA
Vulnerability Type: CWE-269: Improper Privilege Management
Pre-conditions: Local access to a Windows VDA as a standard Windows user
The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops:
Current Release (CR): Citrix Virtual Apps and Desktops versions before 2212
Long Term Service Release (LTSR): Citrix Virtual Apps and Desktops 2203 LTSR before CU2
Long Term Service Release (LTSR): Citrix Virtual Apps and Desktops 1912 LTSR before CU6
In addition, customers using Citrix Virtual Apps and Desktops Service using any of the vulnerable versions of Citrix Virtual Apps and Desktops Windows VDA are affected and need to take action. Instructions
No detection rules found.
No public exploits indexed.
https://github.com/E1CHO/cve_hub/blob/main/Coffee%20Shop%20POS%20System/Coffee%20Shop%20POS%20System%20-%20vuln%204.pdf
https://vuldb.com/?ctiid.226977
https://vuldb.com/?id.226977
Published: 2023-04-21