CVE-2023-7144
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-7144
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-7144.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-7144
- Published
- 2023-12-29T01:15:44Z
- Modified
- 2025-02-14T11:50:52.296788Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147.
- References
Affected packages
Git / github.com/gopeak/masterlab
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gopeak/masterlab
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v0.*
v0.9-alpha
v1.*
v1.0
v1.0-beta
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1
v1.2
v1.2-preview
v2.*
v2.0
v2.0-alpha
v2.0.1
v2.0.2
v2.1
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.1.8
v2.1.9
v2.2-alpha
v2.2.1-alpha
v3.*
v3.0
v3.0.0RC11
v3.0.0RC12
v3.0.0RC13
v3.0.0RC3
v3.0.0RC4
v3.0.0RC6
v3.0.0RC7
v3.0.0RC8
v3.0.0RC9
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.1
v3.3
v3.3.1
v3.3.10
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9