CVE-2023-22268

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 44.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe RobohelpAdobe Robohelp Server
Timeline
PublishedNov 17

Description

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/robohelpRHS 11.4

🔴Vulnerability Details

2
GHSA
GHSA-ch3p-vmmr-63xx: Adobe RoboHelp Server versions 112023-11-17
CVEList
ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability2023-11-17
CVE-2023-22268 (MEDIUM CVSS 6.5) | Adobe RoboHelp Server versions 11.4 | cvebase.io