We are reliable, trustworthy, and ready for challenges! Hire Us
Cerebrate – Blind SQL injection
- Home
- Advisories
- Cerebrate – Blind SQL injection
DATE
27.03.2023
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
Cerebrate – Open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP)
Vulnerable version
1.13
Fixed version
1.13
CVSS
9.8 Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Recommendations
Update to Cerebrate version 1.3 latest patch or higher
Vulnerability details
‘limit’ parameter of the ‘searchAll’ action of the ‘Instance’ controller is vulnerable to Blind SQL injection vulnerability. This vulnerability was detected with help of Cake Fuzzer: https://github.com/Zigrin-Security/CakeFuzzer
CVE
CVE-2023-28883
Credits
Ulaş Deniz İlhan
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.