CVE-2023-25651

SQL Injection Vulnerability in Some ZTE Mobile Internet Products

CVSS 4.3 MEDIUMEPSS 0.3%CWE-20

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Produtos afetados

ZTE · Mobile Internet Products

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684