CVE-2023-22275SQL Injection in Adobe Robohelp

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe RobohelpAdobe Robohelp Server
Timeline
PublishedNov 17

Description

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/robohelpRHS 11.4

🔴Vulnerability Details

2
GHSA
GHSA-4r79-wc6j-9275: Adobe RoboHelp Server versions 112023-11-17
CVEList
ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability2023-11-17
CVE-2023-22275 — SQL Injection in Adobe Robohelp | cvebase