CVE-2023-33180
CVSS V2 None
CVSS V3 None
Description
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.
Overview
- CVE ID
- CVE-2023-33180
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-05-30T20:18:40.895Z
- Last Modified Date
- 2023-05-30T20:18:40.895Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-7ww5-x9rm-qm89 | x_refsource_CONFIRM |
| https://claroty.com/team82/disclosure-dashboard | x_refsource_MISC |
| https://xibosignage.com/blog/security-advisory-2023-05/ | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-33180 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33180 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 08:05:50 | Added to TrackCVE |