CVE-2023-36677
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 3, 2023
Updated: Nov 9, 2023
CWE ID 89
Summary
CVE-2023-36677 is an SQL Injection vulnerability affecting the Smartypants SP Project & Document Manager from versions n/a to 4.67. This issue arises due to improper neutralization of special elements in SQL commands, allowing malicious SQL injection attacks. Successful exploitation could result in unauthorized access to sensitive data or even system takeover. Users are strongly encouraged to update to a patched version as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Smarty Pants Plugins SP Project Document Manager