Headline
CVE-2023-3100: cve/IBOS sql.md at main · shulao2020/cve
A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-230690 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SQL injection exists in ibos office OA
Official website address: http://www.ibos.com.cn/
Version: v4.5.5
Route: r=dashboard/approval/del
Following this route, the actionDel() method calls model()->deleteApproval().
Whichever branch is taken in that method, createCommand()->update() is called.
In this method, the SQL statement is executed with execute().
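
The pattern this trace points at, a request value ending up in the SQL text that an update later executes, shown next to a bound-parameter version. This is an added example and not IBOS code: it uses plain PDO with an in-memory SQLite database, and the `approval` table, `status` column, function names and the comma-separated `id` format are assumptions.

```php
<?php
// Added example: stand-alone PDO/SQLite sketch, not IBOS source code.
// Table "approval", column "status" and all function names are hypothetical.

// Unsafe shape: the request value becomes part of the SQL text.
function deleteApprovalUnsafe(PDO $db, string $id): int
{
    return $db->exec("UPDATE approval SET status = 0 WHERE id IN ($id)");
}

// Hardened shape: accept only decimal integers, then bind each one.
function deleteApprovalSafe(PDO $db, string $id): int
{
    $ids = explode(',', $id);
    foreach ($ids as $value) {
        if (!ctype_digit($value)) {
            throw new InvalidArgumentException('id must be a comma-separated list of integers');
        }
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("UPDATE approval SET status = 0 WHERE id IN ($marks)");
    $stmt->execute(array_map('intval', $ids));
    return $stmt->rowCount();
}

// Fresh in-memory database with three constructed rows.
function freshDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE approval (id INTEGER PRIMARY KEY, status INTEGER)');
    $db->exec('INSERT INTO approval (id, status) VALUES (1, 1), (2, 1), (3, 1)');
    return $db;
}

$constructed = '1) OR (1=1'; // constructed test value, not taken from the page

echo 'unsafe, rows changed: ', deleteApprovalUnsafe(freshDb(), $constructed), "\n";
try {
    deleteApprovalSafe(freshDb(), $constructed);
} catch (InvalidArgumentException $e) {
    echo 'safe, rejected: ', $e->getMessage(), "\n";
}
echo 'safe, rows changed for "1,2": ', deleteApprovalSafe(freshDb(), '1,2'), "\n";
```

The unsafe function changes every row for the constructed value because the value rewrites the WHERE clause; the hardened one rejects it before any SQL is built and only ever sends placeholders in the statement text.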