CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. Suprema BioStar 2 version 2.8.16 suffers from a remote SQL injection vulnerability.

References:
• https://www.exploit-db.com/exploits/51340
• http://suprema.com
• https://biostar2.ciklum.net/api/users/absence?search_month=1
• https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html
• https://protey.net/threads/cve-2023-27167-suprema-biostar-2-v2-8-16-sql-injection.995
• https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4

Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.

References:
• https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator
• https://nobugescapes.com/wp-content/uploads/2022/08/Part1.docx

Weakness: CWE-269: Improper Privilege Management