Forum MenüForum-NavigationForumAktivitätAnmeldenRegistrierenForum-Breadcrumbs - Du bist hier:ForumOffenes Forum: Security AdvisoriesCVE-2023-33180 - XiboAntwortenAntworten: CVE-2023-33180 - Xibo <blockquote><div class="quotetitle">Zitat von <a class="profile-link highlight-default" href="https://mits.nrw/forum/profile/forum/">MITs Forum</a> am 30. Mai 2023, 0:00 Uhr</div>Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading. References https://claroty.com/team82/disclosure-dashboard https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-7ww5-x9rm-qm89 https://xibosignage.com/blog/security-advisory-2023-05/</blockquote><br> Abbrechen
