CVE-2023-5153

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 37.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dar-7000 FirmwareD-link Dar-8000
Timeline
PublishedSep 25

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOT

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5d-link/dar-800020151231
NVDdlink/dar-7000_firmware2015-12-31

🔴Vulnerability Details

2
CVEList
D-Link DAR-8000 querysql.php sql injection2023-09-25
GHSA
GHSA-c8qw-jpg3-vv7v: ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to2023-09-25
CVE-2023-5153 (MEDIUM CVSS 6.5) | ** UNSUPPORTED WHEN ASSIGNED ** A v | cvebase.io