CVE-2023-38382
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-38382 is a significant SQL Injection vulnerability affecting the Subscribe to Category feature in versions 2.7.4 and below. An attacker can exploit this vulnerability by improperly neutralizing special elements in SQL commands. This allows the attacker to execute malicious SQL queries, potentially gaining unauthorized access to sensitive data or even taking control of the affected system. The impact of this vulnerability can range from information disclosure to complete system compromise. It is crucial that users of the Subscribe to Category component upgrade to a patched version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.