CVE-2023-7331 (CNNVD-202512-5505)
中文标题:
Full Stack Bank SQL注入漏洞
英文标题:
PKrystian Full-Stack-Bank User sql injection
漏洞描述
中文描述:
Full Stack Bank是Krystian Pińczak个人开发者的一个银行系统。 Full Stack Bank存在SQL注入漏洞,该漏洞源于对组件User Handler的未知代码操作,可能导致SQL注入攻击。
英文描述:
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 25c9965a872c704f3a9475488dc5d3196902199a. It is suggested to install a patch to address this issue.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| PKrystian | Full-Stack-Bank | bf73a0179e3ff07c0d7dc35297cea0be0e5b1317 | - | - |
cpe:2.3:a:pkrystian:full-stack-bank:bf73a0179e3ff07c0d7dc35297cea0be0e5b1317:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
4.0 (cna)
MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
3.1 (cna)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
3.0 (cna)
MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
2.0 (cna)
MEDIUMAV:N/AC:L/Au:M/C:P/I:P/A:P/E:ND/RL:OF/RC:C
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-7331 |
2026-01-04 02:04:26 | 2026-01-12 02:09:27 |
| NVD | nvd_CVE-2023-7331 |
2026-01-03 03:00:03 | 2026-01-12 02:27:09 |
| CNNVD | cnnvd_CNNVD-202512-5505 |
2026-01-11 06:15:02 | 2026-01-12 02:38:10 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> SQL注入
- cnnvd_id: 未提取 -> CNNVD-202512-5505
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']