VDB
CVE-2023-4850
CVE-2023-4850
PUBLISHED
CVSS 6.300000190734863 MEDIUM
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.
EPSS 0.07% · 20.7th percentile
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.07%
20.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibos | ibos | 4.5.5, 4.5.5 |
| IBOS | OA | 4.5.5, 4.5.5 |
Exploit Intelligence
- CIRCL seen: CVE-2023-4850 (circl-sighting)
- https://vuldb.com/?id.239259 (circl)
- https://vuldb.com/?ctiid.239259 (circl)
- https://github.com/RCEraser/cve/blob/main/sql_inject_2.md (cve.org)
Timeline
- Sep 9, 2023 CVE Published
- Sep 9, 2023 PoC Published
- Sep 10, 2023 EPSS Score
- Oct 12, 2023 EPSS Score
- Nov 14, 2023 EPSS Score
- Dec 16, 2023 EPSS Score
- Jan 18, 2024 EPSS Score
- Feb 19, 2024 EPSS Score
- Mar 23, 2024 EPSS Score
- Apr 24, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Jun 28, 2024 EPSS Score