CVE-2023-37966
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Oct 31, 2023
Updated: Nov 8, 2023
CWE ID 89
Summary
CVE-2023-37966 is a newly disclosed SQL Injection vulnerability affecting the User Activity Log component of Solwin Infotech from version n/a through 1.6.2. An attacker can exploit this vulnerability by injecting malicious SQL commands, potentially leading to unauthorized access, data theft, or system damage. The vulnerability arises due to improper neutralization of special elements used in an SQL command. Organizations using the affected version of User Activity Log are urged to apply the necessary security patches as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Solwininfotech User Activity Log
Affected Vendors
- Solwin Infotech