CVE-2023-7146
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-7146
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-7146.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-7146
- Published
- 2023-12-29T02:15:45.387Z
- Modified
- 2025-11-15T10:17:37.180896Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability.
- References
Affected packages
Git / github.com/gopeak/masterlab
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gopeak/masterlab
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v0.*
v0.9-alpha
v1.*
v1.0
v1.0-beta
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1
v1.2
v1.2-preview
v2.*
v2.0
v2.0-alpha
v2.0.1
v2.0.2
v2.1
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.1.8
v2.1.9
v2.2-alpha
v2.2.1-alpha
v3.*
v3.0
v3.0.0RC11
v3.0.0RC12
v3.0.0RC13
v3.0.0RC3
v3.0.0RC4
v3.0.0RC6
v3.0.0RC7
v3.0.0RC8
v3.0.0RC9
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.1
v3.3
v3.3.1
v3.3.10
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9