CVE-2023-38382

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 6, 2023
Updated: Nov 10, 2023
CWE ID 89

Summary

CVE-2023-38382 is a significant SQL Injection vulnerability affecting the Subscribe to Category feature in versions 2.7.4 and below. An attacker can exploit this vulnerability by improperly neutralizing special elements in SQL commands. This allows the attacker to execute malicious SQL queries, potentially gaining unauthorized access to sensitive data or even taking control of the affected system. The impact of this vulnerability can range from information disclosure to complete system compromise. It is crucial that users of the Subscribe to Category component upgrade to a patched version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share