CVE-2023-22268: ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability
First published: Fri Nov 17 2023(Updated: )
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe RoboHelp Server | <=11.4 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Adobe RoboHelp Server vulnerability?
The vulnerability ID for this Adobe RoboHelp Server vulnerability is CVE-2023-22268.
What is the title of this vulnerability?
The title of this vulnerability is ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability.
What software versions are affected by this vulnerability?
Adobe RoboHelp Server versions 11.4 and earlier are affected by this vulnerability.
What is the severity of CVE-2023-22268?
The severity of CVE-2023-22268 is medium with a CVSS score of 6.5.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by injecting malicious SQL commands to disclose sensitive information.
- collector/nvd-api
- agent/title
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe robohelp server
- version/adobe robohelp server/11.4
- vendor/microsoft
- canonical/microsoft windows