CVE-2023-31944

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 17, 2023
Updated: Aug 18, 2023
CWE ID 89

Summary

CVE-2023-31944 is a newly identified SQL injection vulnerability. Hackers can exploit this weakness in the Online Travel Agency System v.1.0 by inputting malicious SQL commands through the emp_id parameter in the employee_edit.php file. Successful exploitation lets attackers execute arbitrary code remotely. This vulnerability poses a serious threat, as it could lead to sensitive data theft, unauthorized system access, or even complete system takeover. System administrators are urged to patch this issue immediately to avoid potential security risks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share