CVE-2023-22275: ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability
First published: Fri Nov 17 2023(Updated: )
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe RoboHelp Server | <=11.4 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-22275?
CVE-2023-22275 is an SQL Injection vulnerability in Adobe RoboHelp Server that could lead to information disclosure by an unauthenticated attacker.
How does CVE-2023-22275 affect Adobe RoboHelp Server?
CVE-2023-22275 affects Adobe RoboHelp Server versions 11.4 and earlier.
What is the severity of CVE-2023-22275?
The severity of CVE-2023-22275 is high with a CVSS score of 7.5.
How can an attacker exploit CVE-2023-22275?
An attacker can exploit CVE-2023-22275 by injecting malicious SQL commands to retrieve sensitive information from the server.
Is user interaction required to exploit CVE-2023-22275?
No, user interaction is not required to exploit CVE-2023-22275.
How can I fix CVE-2023-22275?
To fix CVE-2023-22275, update Adobe RoboHelp Server to version 11.4.1 or later.
- collector/nvd-api
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/title
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe robohelp server
- version/adobe robohelp server/11.4
- vendor/microsoft
- canonical/microsoft windows