A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.
References
Link | Resource |
---|---|
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md | Third Party Advisory |
https://mxvirtual.com | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-12-08T00:00:00
Updated: 2023-12-08T01:08:14.033078
Reserved: 2023-09-22T00:00:00
Link: CVE-2023-43743
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-08T01:15:07.270
Modified: 2023-12-13T15:38:28.213
Link: CVE-2023-43743
JSON object: View
Redhat Information
No data.
CWE