CVE-2023-34545

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Aug 11, 2023
CWE ID 89

Summary

CVE-2023-34545 is a SQL injection vulnerability affecting CSZCMS version 1.3.0. Attackers can exploit this issue by injecting malicious SQL commands into the p parameter or the search URL. Successful exploitation grants remote attackers the ability to execute arbitrary SQL statements, potentially leading to unauthorized data access or modification. This vulnerability poses a significant risk to websites using the affected CSZCMS version and should be addressed with immediate patches or upgrades to a secure version.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share