CVE-2023-33478

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 7, 2023
Updated: Nov 14, 2023
CWE ID 89

Summary

CVE-2023-33478 is a newly disclosed SQL injection vulnerability affecting RemoteClinic 2.0. Hackers can exploit this weakness by manipulating the ID parameter in the URL of the /medicines/stocks.php file. Successful attacks could allow unauthorized access to sensitive data or enable malicious code execution within the application's database. Users are advised to install the available patch as soon as possible to protect against potential threats. This vulnerability underscores the importance of input validation and sanitization in web applications.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share