CVE-2023-5322

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.5%
top 35.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dar-7000 FirmwareD-link Dar-7000
Timeline
PublishedOct 1

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240992. NOTE: This vulnerability only affects products that are no longer s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

NVDdlink/dar-7000_firmware2015-12-31
CVEListV5d-link/dar-700020151231

🔴Vulnerability Details

2
CVEList
D-Link DAR-7000 edit_manageadmin.php sql injection2023-10-01
GHSA
GHSA-pwj3-ccfm-6r93: ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 201512312023-10-01
CVE-2023-5322 (HIGH CVSS 8.8) | ** UNSUPPORTED WHEN ASSIGNED ** A v | cvebase.io