CVE-2023-42284

Published: 07/11/2023 Updated: 14/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Blind SQL injection in the api_version parameter in Tyk Gateway version 5.0.3 allows a malicious user to access and dump the database via a crafted SQL query.

Vulnerable Product

tyk tyk 5.0.3

Github Repositories

Proof of concept for CVE-2023-42284 in Tyk Gateway

Disclaimer: For educational purposes only!

Details: Proof of concept for CVE-2023-42284. Tyk Gateway is vulnerable to SQL injection. Fixed in 507 version. The URL parameter ‘api_version’ of the "<YOUR_URL>/api/errors/count/?res=day&p=&api_version=<PAYLOAD_HERE>&api_id=" is vulnerable to Bli