CVE-2023-39650
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-39650 is a newly identified SQL injection vulnerability that affects the Theme Volty CMS Blog up to version v4.0.1. An attacker can exploit this issue by manipulating the id parameter in the /tvcmsblog/single endpoint. If successful, the vulnerability allows an attacker to inject malicious SQL queries, potentially gaining unauthorized access to sensitive data or even taking control of the affected system. This vulnerability underscores the importance of applying security updates promptly and implementing input validation measures to prevent SQL injection attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.