VDB
CVE-2023-4851
CVE-2023-4851
PUBLISHED
CVSS 6.300000190734863 MEDIUM
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.
EPSS 0.05% · 17.6th percentile
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.05%
17.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBOS | OA | 4.5.5, 4.5.5 |
| ibos | ibos | 4.5.5, 4.5.5 |
Exploit Intelligence
- CIRCL exploited: CVE-2023-4851 (circl-sighting)
- CIRCL seen: CVE-2023-4851 (circl-sighting)
- https://vuldb.com/?id.239260 (circl)
- https://vuldb.com/?ctiid.239260 (circl)
- https://github.com/liuqiba12345678/cve/blob/main/sql.md (cve.org)
Timeline
- Sep 9, 2023 CVE Published
- Sep 9, 2023 PoC Published
- Sep 10, 2023 EPSS Score
- Sep 11, 2023 PoC Published
- Oct 12, 2023 EPSS Score
- Nov 14, 2023 EPSS Score
- Dec 16, 2023 EPSS Score
- Jan 18, 2024 EPSS Score
- Feb 19, 2024 EPSS Score
- Mar 23, 2024 EPSS Score
- Apr 24, 2024 EPSS Score
- May 27, 2024 EPSS Score