CVE-2023-39853

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 6, 2024
Updated: Jan 11, 2024
CWE ID 89

Summary

CVE-2023-39853 is a newly-discovered SQL Injection vulnerability that affects Dzzoffice version 2.01. This issue allows remote attackers to exploit the flaw by manipulating the doobj and doevent parameters in the Network Disk backend module. Successful exploitation can result in the attacker gaining unauthorized access to sensitive information. SQL Injection vulnerabilities can lead to serious data breaches and should be addressed promptly. Users of Dzzoffice version 2.01 are urged to update to a patched version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share