A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability.
History

Thu, 30 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-04-29T01:31:03.540Z

Updated: 2025-01-30T18:17:15.876Z

Reserved: 2023-04-28T17:01:08.401Z

Link: CVE-2023-2420

cve-icon Vulnrichment

Updated: 2024-08-02T06:19:15.105Z

cve-icon NVD

Status : Modified

Published: 2023-04-29T02:15:09.383

Modified: 2024-11-21T07:58:35.080

Link: CVE-2023-2420

cve-icon Redhat

No data.