CVE-2023-39980

CWE-89 — SQL Injection3 documents3 sources

Severity

8.1HIGH

EPSS

0.4%

top 38.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Mxsecurity Series Moxa Mxsecurity

Timeline

PublishedSep 2

Description

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

▶NVDmoxa/mxsecurity1.0.1

▶CVEListV5moxa/mxsecurity_series1.0 — 1.0.1

Patches

Patch: www.moxa.com ↗Patch: www.moxa.com ↗

🔴Vulnerability Details

CVEList

MXsecurity Authenticated Information Disclosure Due to SQL Injection↗2023-09-02

▶

GHSA

GHSA-86pq-mp59-jq3p: A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1↗2023-09-02

▶