CVE-2023-30465

CWE-89: SQL Injection | 4 documents | 4 sources

Severity: 5.3 MEDIUM
EPSS: 0.6% (top 31.46%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 11
Latest update: Jul 6

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the "user" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5 | apache_software_foundation/apache_inlong | 1.4.0 | 1.5.0
Maven | org.apache.inlong:manager-pojo | 1.4.0 | 1.6.0
Maven | org.apache.inlong:manager-service | 1.4.0 | 1.6.0
NVD | apache/inlong | 1.4.0, 1.5.0 +1

Vulnerability Details (3)

GHSA | Apache InLong SQL Injection vulnerability | 2023-07-06
OSV | Apache InLong SQL Injection vulnerability | 2023-07-06
CVEList | Apache InLong: SQL injection in apache inLong 1.5.0 | 2023-04-11
CVE-2023-30465 (MEDIUM CVSS 5.3) | Improper Neutralization of Special | cvebase.io