CVE-2023-28359 - AskarLabs CVE Database

CVE-2023-28359

Vendor N/A

Product Rocket.Chat

Weakness CWE-89 · SQLi

Published May 11, 2023

Last update January 27, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.

Key dates

02Disclosure timeline

May 11, 2023 CVE published

January 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-28359

Related vulnerabilities

04Related CVE

CVE-2026-7028 CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations CVE-2024-2453 Advantech WebAccess/SCADA SQL Injection CVE-2025-26854 Extension - joomcar.net - SQL injection in Articles Good Search 1.0.0 - 1.2.4.0011 for Joomla CVE-2024-7076 SQLi in Semtek Informatics Software's Semtek Sempos