CVE-2023-45674

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-45674

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45674.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-45674

Aliases

GHSA-pgq5-ff74-g7xq

Published

2023-10-13T23:35:51.427Z

Modified

2025-11-29T01:59:23.945481Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

SQL injection vulnerability in Farmbot-Web-App

Details

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45674.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ]
}

References

Affected packages

Git / github.com/farmbot/farmbot-web-app

Affected ranges

Type: GIT
Repo: https://github.com/farmbot/farmbot-web-app
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a46408fd56b7ba9d59e3790613a78be14de83dc2

Affected versions

13.*

13.1.0

2.*

2.0-alpha

3.*

3.0.0

Other

4-15-15

5.*

5.1.0

6.*

6.1.0

alpha-1.*

alpha-1.0

alpha-1.1

v1.*

v1.2

v10.*

v10.0.0

v10.1.0

v10.1.1

v10.1.2

v10.1.3

v10.2.0

v10.2.1

v10.2.2

v10.2.3

v11.*

v11.0.0

v11.0.1

v11.0.2

v11.0.3

v12.*

v12.0.0

v12.1.0

v12.2.0

v12.2.1

v12.3.1

v12.3.4

v12.3.5

v12.3.6

v12.3.7

v13.*

v13.0.0

v13.1.1

v13.1.2

v13.1.3

v14.*

v14.0.0

v14.1.0

v14.1.1

v14.1.2

v14.1.3

v14.2.1

v14.2.2

v14.2.3

v14.3.0

v14.4.0

v14.5.0

v14.6.0

v14.7.0

v14.8.0

v15.*

v15.0.0

v15.0.1

v15.1.0

v15.1.1

v15.2.0

v15.2.1

v15.2.2

v15.2.3

v15.2.4

v15.2.5

v15.2.6

v15.2.7

v15.3.0

v15.4.0

v15.4.1

v15.4.10

v15.4.11

v15.4.12

v15.4.13

v15.4.14

v15.4.2

v15.4.3

v15.4.4

v15.4.5

v15.4.6

v15.4.7

v15.4.8

v15.4.9

v15.5.0

v15.5.1

v15.5.2

v15.5.3

v15.5.4

v15.6.0

v15.6.1

v15.6.2

v15.6.3

v15.7.0

v15.7.1

v15.8.0

v15.8.1

v15.8.2

v15.8.3

v2.*

v2.0.0

v2.1.0

v2.1.3

v2.1.4

v4.*

v4.0.0

v5.*

v5.0.0

v5.0.0rc1

v6.*

v6.0.0

v6.1.1

v6.2.0

v6.2.1

v6.2.2

v6.3.0

v6.3.1

v6.4

v6.4.1

v6.4.2

v6.5.0

v6.5.1

v6.6.0

v6.6.1

v6.6.2

v6.6.3

v7.*

v7.0.0

v7.1.0

v7.1.1

v7.2.0

v7.2.1

v7.2.2

v7.2.3

v7.2.4

v7.2.5

v7.2.6

v7.3.0

v7.3.1

v7.3.2

v7.3.3

v7.3.4

v8.*

v8.0.0

v8.0.1

v8.0.2

v8.0.3

v8.0.4

v8.0.5

v8.0.6

v8.0.7

v8.1.0

v8.1.1

v8.1.3

v8.1.4

v8.2.0

v8.2.1

v8.2.3

v8.2.4

v9.*

v9.0.0

v9.0.1

v9.0.2

v9.0.3

v9.0.4

v9.1.0

v9.1.1

v9.1.2

v9.1.3

v9.2.0

v9.2.1

v9.2.2

v9.2.3

v9.2.4

v9.2.5

v9.2.6

v9.3.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45674.json"