CVE-2023-31939
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Aug 17, 2023
Updated: Aug 18, 2023
CWE ID 89
Summary
CVE-2023-31939 is a newly discovered SQL injection vulnerability that affects the Online Travel Agency System version 1.0. This issue allows an attacker to execute arbitrary code remotely by exploiting the customer_id parameter found in the customer_edit.php file. SQL injection attacks can lead to unauthorized access, data theft, or system damage. This vulnerability poses a significant risk to organizations and users relying on this outdated system and should be addressed promptly through patching or other mitigation measures.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share