CVE-2023-31945

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 17, 2023
Updated: Aug 18, 2023
CWE ID 89

Summary

CVE-2023-31945 is a newly discovered SQL injection vulnerability affecting the Online Travel Agency System v.1.0. An attacker can exploit this issue by manipulating the id parameter in the daily_expenditure_edit.php file, enabling them to inject and execute malicious SQL commands. This could potentially lead to unauthorized data access or modification, and even the execution of arbitrary code, posing a significant risk to system security. It is highly recommended that affected organizations apply the necessary patches or updates to mitigate this vulnerability promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share