Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by SpeciesFileGroup
CVE-2023-43640 (GCVE-0-2023-43640)
Vulnerability from nvd – Published: 2023-09-22 17:11 – Updated: 2024-09-24 14:23
VLAI
Title
TaxonWorks SQL injection vulnerability
Summary
TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/SpeciesFileGroup/taxonworks/se… | x_refsource_CONFIRM |
| https://github.com/SpeciesFileGroup/taxonworks/co… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SpeciesFileGroup | taxonworks |
Affected:
< 0.34.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c"
},
{
"name": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:15:21.212594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:23:46.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "taxonworks",
"vendor": "SpeciesFileGroup",
"versions": [
{
"status": "affected",
"version": "\u003c 0.34.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T17:11:42.290Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c"
},
{
"name": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae"
}
],
"source": {
"advisory": "GHSA-m9p2-jxr6-4p6c",
"discovery": "UNKNOWN"
},
"title": "TaxonWorks SQL injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43640",
"datePublished": "2023-09-22T17:11:42.290Z",
"dateReserved": "2023-09-20T15:35:38.145Z",
"dateUpdated": "2024-09-24T14:23:46.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43640 (GCVE-0-2023-43640)
Vulnerability from cvelistv5 – Published: 2023-09-22 17:11 – Updated: 2024-09-24 14:23
VLAI
Title
TaxonWorks SQL injection vulnerability
Summary
TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/SpeciesFileGroup/taxonworks/se… | x_refsource_CONFIRM |
| https://github.com/SpeciesFileGroup/taxonworks/co… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SpeciesFileGroup | taxonworks |
Affected:
< 0.34.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c"
},
{
"name": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:15:21.212594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:23:46.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "taxonworks",
"vendor": "SpeciesFileGroup",
"versions": [
{
"status": "affected",
"version": "\u003c 0.34.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T17:11:42.290Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c"
},
{
"name": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae"
}
],
"source": {
"advisory": "GHSA-m9p2-jxr6-4p6c",
"discovery": "UNKNOWN"
},
"title": "TaxonWorks SQL injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-43640",
"datePublished": "2023-09-22T17:11:42.290Z",
"dateReserved": "2023-09-20T15:35:38.145Z",
"dateUpdated": "2024-09-24T14:23:46.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}