CVE-2023-27167
Published 2023-03-29
CVE-2023-27167: Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
Priority: P3 · 51 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploit
EPSS: 7.50% (93.7th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| supremainc | biostar_2 | <= 2.8.16 | — |
CISA ICS
Suprema BioStar 2
cisa_ics·2023-09-26·CVSS 6.5
[MEDIUM] Suprema BioStar 2
ICS Advisory
Release Date: September 26, 2023
Alert Code: ICSA-23-269-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Suprema Inc.
- Equipment: BioStar 2
- Vulnerability: SQL Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform a SQL injection to execute arbitrary commands.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Suprema BioStar 2, an access control system, are affected:
- BioStar 2: version 2.8.16
## 3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89
GHSA
GHSA-grmq-x6cq-3wxv: Suprema BioStar 2 v2
ghsa_unreviewed·2023-03-29
CVE-2023-27167 · [MEDIUM] · CWE-89 · GHSA-grmq-x6cq-3wxv: Suprema BioStar 2 v2
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
No detection rules found.
No writeups or analysis indexed.
References:
- http://suprema.com
- https://biostar2.ciklum.net/api/users/absence?search_month=1
- https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html
- https://protey.net/threads/cve-2023-27167-suprema-biostar-2-v2-8-16-sql-injection.995/
- https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/
Published: 2023-03-29