Page 2 of 8 results (0.002 seconds)

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. Suprema BioStar 2 version 2.8.16 suffers from a remote SQL injection vulnerability.

References:
  https://www.exploit-db.com/exploits/51340
  http://suprema.com
  https://biostar2.ciklum.net/api/users/absence?search_month=1
  https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html
  https://protey.net/threads/cve-2023-27167-suprema-biostar-2-v2-8-16-sql-injection.995
  https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.

References:
  https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator
  https://nobugescapes.com/wp-content/uploads/2022/08/Part1.docx

CWE-269: Improper Privilege Management

CVSS: 7.5 | EPSS: 61% | CPEs: 1 | EXPL: 2

An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal. Bio Star version 2.8.2 suffers from a local file inclusion vulnerability.

References:
  https://www.exploit-db.com/exploits/48708
  http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html
  https://www.supremainc.com/en/support/biostar-2-pakage.asp

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')