Lucene search

PRIOn knowledge basePRION:CVE-2023-22319

HistoryJul 06, 2023 - 3:15 p.m.

Sql injection

2023-07-0615:15:00

PRIOn knowledge base

www.prio-n.com

milesight vpn

loginauth

sql injection

vulnerability

requesthandlers.js

authentication bypass

crafted network request

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.

CPENameOperatorVersion
milesightvpneq2.0.2

CPE	Name	Operator	Version
	milesightvpn	eq	2.0.2

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1701