CVE-2023-7146

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-7146

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7146.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-7146

Published

2023-12-29T02:15:45.387Z

Modified

2026-04-10T05:07:47.834264Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability.

References

Affected packages

Git / github.com/gopeak/masterlab

Affected ranges

Type

GIT

Repo

https://github.com/gopeak/masterlab

Events

Introduced

Last affected

7d82b94e6867eb7c8ed212dd0f95e7e85bc666fc

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3.10"
        }
    ]
}

Affected versions

v0.*

v0.9-alpha

v1.*

v1.0

v1.0-beta

v1.0.1

v1.0.2

v1.1

v1.2

v1.2-preview

v2.*

v2.1

v2.2-alpha

v2.2.1-alpha

v3.*

v3.0

v3.0.0RC11

v3.0.0RC12

v3.0.0RC13

v3.0.0RC3

v3.0.0RC4

v3.0.0RC6

v3.0.0RC7

v3.0.0RC8

v3.0.0RC9

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.9

v3.2.0

v3.2.1

v3.3

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7146.json"