CVE-2023-5152

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 38.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dlink Dar-8000 FirmwareD-link Dar-7000D-link Dar-8000
Timeline
PublishedSep 25

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages3 packages

NVDdlink/dar-8000_firmware2015-12-31
CVEListV5d-link/dar-700020151231
CVEListV5d-link/dar-800020151231

🔴Vulnerability Details

2
CVEList
D-Link DAR-7000/DAR-8000 importexport.php sql injection2023-09-25
GHSA
GHSA-6vvc-q8cj-xj4x: ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-80002023-09-25
CVE-2023-5152 (MEDIUM CVSS 6.5) | ** UNSUPPORTED WHEN ASSIGNED ** A v | cvebase.io