CVE-2023-42283

Published: 07/11/2023 Updated: 14/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Blind SQL injection in the api_id parameter in Tyk Gateway version 5.0.3 allows a malicious user to access and dump the database via a crafted SQL query.

Vulnerable Product

tyk tyk 5.0.3

Github Repositories

Proof of concept for CVE-2023-42283 in Tyk Gateway

Disclaimer

For educational purpose only!

Details

Proof of concept for CVE-2023-42283. Tyk Gateway is vulnerable to SQL injection. Fixed in 507 version. The URL parameter ‘api_id’ of the "<YOUR_URL>/api/errors/count/?res=day&p=&api_version=&api_id=<PAYLOAD_HERE>" is vulnerable to Blind SQ