Home > Vulnerability Database > CVE-2023-33180

Mend.io Vulnerability Database

CVE-2023-33180

Good to know:

Date: May 30, 2023

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.

Language: PHP

Severity Score

6.5

Related Resources (5)

Url: https://claroty.com/team82/disclosure-dashboard

Url: https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-7ww5-x9rm-qm89

Url: https://xibosignage.com/blog/security-advisory-2023-05/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33180

Url: https://www.mend.io/vulnerability-database/CVE-2023-33180

Severity Score

6.5

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version 2.3.17,3.3.5

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33180

Good to know:

Date: May 30, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?