CVE-2023-0016— SQL Injection vulnerability in SAP Business Planning and Consolidation MS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-0016
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL Injection vulnerability in SAP Business Planning and Consolidation MS
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP BPC MS SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP BPC MS是德国思爱普(SAP)公司的一个业务规划与整合应用程序。提供规划、预算、预测和财务合并功能。 SAP BPC MS 10.0 810版本存在SQL注入漏洞,该漏洞源于其允许未经授权的攻击者执行精心制作的数据库查询实现SQL注入并允许攻击者访问、修改和/或删除后端数据库中的数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP | SAP BPC MS 10.0 | 800 | - |
II. Public POCs for CVE-2023-0016
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-0016
请登录查看更多情报信息。
Same Patch Batch · SAP · 2023-01-10 · 9 CVEs total
| CVE-2023-0018 | 10.0 CRITICAL | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Plat |
| CVE-2023-0022 | 9.9 CRITICAL | Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analys |
| CVE-2023-0017 | 9.4 CRITICAL | Improper access control in SAP NetWeaver AS for Java |
| CVE-2023-0014 | 9.0 CRITICAL | Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-0012 | 6.4 MEDIUM | Local Privilege Escalation in SAP Host Agent (Windows) |
| CVE-2023-0013 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-0015 | 4.6 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web |
| CVE-2023-0023 | 4.5 MEDIUM | Information Disclosure in SAP Bank Account Management (Manage Banks) |
IV. Related Vulnerabilities
Same vendor: SAP
- CVE-2023-29189
HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) - CVE-2023-29187
DLL Hijacking vulnerability in SapSetup (Software Installati - CVE-2023-29186
Directory/Path Traversal vulnerability in SAP NetWeaver. - CVE-2023-29185
Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Busine - CVE-2023-29112
Code Injection vulnerability in SAP Application Interface Fr
Same weakness: CWE-89
- CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss - CVE-2021-47930
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthentic - CVE-2021-47928
Opencart TMD Vendor System 3.x Blind SQL Injection via produ - CVE-2026-8231
CodeAstro Online Catering Ordering System deleteorder.php sq - CVE-2025-14179
SQL injection in pdo_firebird via NUL bytes in quoted string
V. Comments for CVE-2023-0016
No comments yet