SQL Injection in VisualCounter I.Stats
Posted date 14/11/2023
Identifier
INCIBE-2023-0495
Importance
5 - Critical
Affected Resources
VisualCounter I.Stats, version 7.3.
Description
INCIBE has coordinated the publication of one vulnerability affecting VisualCounter I.Stats, a tool for statistical management of customer flow data in commercial areas. The vulnerability was discovered by Ignacio García Mestre (Br4v3n).
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-5518: CVSS v3.1: 9.8 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89.
Solution
There is no solution reported at the moment.
Detail
- CVE-2023-5518: a SQL injection vulnerability has been found in VisualCounter, affecting version 7.3 of the I.Stats application. This vulnerability allows a remote user to retrieve sensitive data stored in the database by sending a specially crafted query to the login parameters.