Nixpkgs security tracker

Dismissed

Permalink CVE-2023-53982

8.2 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 4 months, 1 week ago by @LeSuisse Activity log

Created suggestion 4 months, 1 week ago
@LeSuisse ignored package pmbootstrap 4 months, 1 week ago
@LeSuisse dismissed 4 months, 1 week ago

PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

References

ExploitDB-51197 exploit
Vendor Homepage product
Software Download Repository product
VulnCheck Advisory: PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter third-party-advisory

Affected products

PMB

==7.4.6

Ignored packages (1)

pkgs.pmbootstrap

Sophisticated chroot/build/flash tool to develop and install postmarketOS

nixos-unstable 3.6.0
- nixpkgs-unstable 3.6.0
- nixos-unstable-small 3.6.0

Impacted package not present in nixpkgs.

Suggestion detail

References

Affected products

pkgs.pmbootstrap