CVE-2023-34545
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 9, 2023
Updated: Aug 11, 2023
CWE ID 89
Summary
CVE-2023-34545 is a SQL injection vulnerability affecting CSZCMS version 1.3.0. Attackers can exploit this issue by injecting malicious SQL commands into the p parameter or the search URL. Successful exploitation grants remote attackers the ability to execute arbitrary SQL statements, potentially leading to unauthorized data access or modification. This vulnerability poses a significant risk to websites using the affected CSZCMS version and should be addressed with immediate patches or upgrades to a secure version.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share