CVE-2023-43610
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-43610 is a newly disclosed SQL injection vulnerability that affects the Order Data Edit page in Welcart e-Commerce versions 2.7 to 2.8.21. This issue allows users with editor permissions or higher to execute unintended database queries, potentially leading to data leaks or unauthorized modifications. An attacker could exploit this vulnerability to gain deeper access to the Welcart system, compromising sensitive information or disrupting critical business functions. However, it's important to note that this vulnerability requires a certain level of access, limiting its scope to users with editor privileges or higher. System administrators and e-commerce businesses using affected versions of Welcart should apply the available patch as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.