CVE-2023-1610
Rebuild list sql injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223742 is the identifier assigned to this vulnerability.
Eine kritische Schwachstelle wurde in Rebuild bis 3.2.3 entdeckt. Dies betrifft einen unbekannten Teil der Datei /project/tasks/list. Mit der Manipulation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-03-23 CVE Reserved
- 2023-03-23 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-10-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.223742 | Technical Description |
| URL | Date | SRC |
|---|---|---|
| https://github.com/getrebuild/rebuild/issues/597 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruifang-tech Search vendor "Ruifang-tech" | Rebuild Search vendor "Ruifang-tech" for product "Rebuild" | <= 3.2.3 Search vendor "Ruifang-tech" for product "Rebuild" and version " <= 3.2.3" | - |
Affected
| ||||||