XMPie uStore 12.3.7244.0 allows administrators to generate reports based on raw SQL queries. Because the application ships with default administrative credentials, an attacker may authenticate to the application and exfiltrate sensitive information from the database.
References
Link | Resource |
---|---|
http://xmpie.com | Vendor Advisory |
https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29 | Third Party Advisory |
https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/ | Exploit, Third Party Advisory |
https://www.xmpie.com/ustore-release-notes/ | Release Notes, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-07T10:47:33
Updated: 2022-02-07T10:47:33
Reserved: 2022-01-18T00:00:00
Link: CVE-2022-23320
NVD Information
Status: Analyzed
Published: 2022-02-07T11:15:07.930
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-23320
Redhat Information
No data.
CWE