Vulnerabilities > CVE-2023-22900 - Unspecified vulnerability in Thinkingsoftware Efence 1.2.58

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

thinkingsoftware

NVD

Published: 2023-01-31

Updated: 2024-11-21

Summary

Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.

Vulnerable Configurations

Part	Description	Count
Application	Thinkingsoftware Thinkingsoftware Efence 1.2.58	1

References

https://www.twcert.org.tw/tw/cp-132-6885-d679e-1.html
https://www.twcert.org.tw/tw/cp-132-6885-d679e-1.html