CVE-2023-36677

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 3, 2023
Updated: Nov 9, 2023
CWE ID 89

Summary

CVE-2023-36677 is an SQL Injection vulnerability affecting the Smartypants SP Project & Document Manager from versions n/a to 4.67. This issue arises due to improper neutralization of special elements in SQL commands, allowing malicious SQL injection attacks. Successful exploitation could result in unauthorized access to sensitive data or even system takeover. Users are strongly encouraged to update to a patched version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Smarty Pants Plugins SP Project Document Manager