Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2023-06-01T00:00:00
Updated: 2023-06-01T00:00:00
Reserved: 2023-05-11T00:00:00
Link: CVE-2023-28824
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-01T02:15:09.673
Modified: 2023-06-08T13:47:32.470
Link: CVE-2023-28824
JSON object: View
Redhat Information
No data.
CWE