CVE-2023-25651

high

Description

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684

Details

Source: Mitre, NVD

Published: 2023-12-14

Updated: 2023-12-19

Risk Information

CVSS v2

Base Score: 7.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H