{"id":"CVE-2023-23634","details":"SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.","modified":"2026-04-10T04:55:38.663456Z","published":"2023-12-29T07:15:10.430Z","references":[{"type":"EVIDENCE","url":"https://herolab.usd.de/en/security-advisories/usd-2022-0066/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/documize/community","events":[{"introduced":"0"},{"last_affected":"be2c2a7a2c6f28ab75527732d436f9008d3ad67a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.4.2"}]}}],"versions":["v0.14.1","v0.14.2","v0.15.0","v0.16.1","v0.17.0","v0.20.0","v0.22.0","v0.24.1","v0.26.0","v0.27.0","v0.28.0","v0.29.0","v0.30.0","v0.31.0","v0.32.0","v0.33.0","v0.34.0","v0.34.1","v0.35.0","v0.36.0","v0.37.0","v0.38.0","v0.39.0","v0.40.0","v0.41.0","v0.42.0","v0.43.0","v0.43.1","v0.44","v0.44.1","v1.45.0","v1.45.1","v1.45.2","v1.45.3","v1.46.0","v1.46.2","v1.47.0","v1.47.2","v1.48.0","v1.48.1","v1.48.2","v1.49.0","v1.49.1","v1.49.2","v1.50.0","v1.50.1","v1.51.0","v1.52.0","v1.52.1","v1.52.2","v1.53.0","v1.53.1","v1.53.2","v1.53.3","v1.53.4","v1.53.5","v1.53.6","v1.54.0","v1.54.1","v1.55.0","v1.56.0","v1.56.1","v1.57.0","v1.57.1","v1.57.2","v1.57.3","v1.58.0","v1.59.0","v1.59.1","v1.59.2","v1.60.0","v1.61.0","v1.62.0","v1.63.0","v1.63.1","v1.64.0","v1.64.1","v1.64.2","v1.64.3","v1.64.4","v1.65.0","v1.65.1","v1.65.2","v1.65.3","v1.65.4","v1.66.0","v1.67.0","v1.68.0","v1.68.1","v1.69.0","v1.69.1","v1.69.2","v1.70.0","v1.71.0","v1.72.0","v1.73.0","v1.73.1","v1.76.0","v1.76.1","v1.76.2","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.1.0","v2.1.1","v2.2.0","v2.2.1","v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.4.1","v2.4.2","v2.5.0","v2.5.1","v3.0.0","v3.1.0","v3.1.1","v3.1.2","v3.2.0","v3.3.0","v3.3.1","v3.3.2","v3.4.0","v3.4.1","v3.4.2","v3.5.0","v3.5.1","v3.5.2","v3.6.0","v3.7.0","v3.8.0","v3.8.2","v3.9.0","v4.0.0","v4.1.0","v4.1.1","v4.2.2","v4.2.3","v5.0.0","v5.0.1","v5.1.0","v5.2.0","v5.2.1","v5.2.2","v5.3.0","v5.4.0","v5.4.1","v5.4.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23634.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}