CVE-2023-44480
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-44480 is a vulnerability affecting the Leave Management System Project v1.0. It permits authenticated SQL injection because of insufficient input validation. Specifically, user input supplied in the 'setcasualleave' parameter of the admin/setleaves.php resource is not filtered, so malicious SQL statements can be executed against the database. Successful exploitation could lead to unauthorized access, data manipulation, or unavailability of the system. Organizations using this software version are strongly advised to apply the necessary patches or mitigations to prevent potential attacks.
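One way to mitigate this class of flaw in a PHP handler, shown as an added example that is not the project's own code: the value is validated as a bounded integer and then bound as a typed parameter. The table `leave_settings`, the column `casual_leave`, the 0 to 365 range and both function names are hypothetical, and in-memory SQLite through PDO (PHP 8 with `pdo_sqlite`) stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept 'setcasualleave' only as a bounded integer.
// The 0..365 range is an assumption made for this example.
function parseLeaveDays(mixed $raw, int $max = 365): ?int
{
    if (!is_string($raw)) {
        return null; // arrays or missing values are rejected outright
    }
    $days = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $max],
    ]);
    return $days === false ? null : $days;
}

// Hypothetical handler body: validate first, then bind the value as a typed
// parameter so it is never concatenated into the SQL text.
function setCasualLeave(PDO $db, mixed $raw): bool
{
    $days = parseLeaveDays($raw);
    if ($days === null) {
        return false;
    }
    $stmt = $db->prepare('UPDATE leave_settings SET casual_leave = :days WHERE id = 1');
    $stmt->bindValue(':days', $days, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed stand-in schema (assumed names), in-memory SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE leave_settings (id INTEGER PRIMARY KEY, casual_leave INTEGER NOT NULL)');
$db->exec('INSERT INTO leave_settings (id, casual_leave) VALUES (1, 10)');

// Constructed inputs: one valid value, then values the handler must reject.
foreach (['12', '12 days', '-5', '9999', ['12'], null] as $input) {
    $ok = setCasualLeave($db, $input);
    $stored = $db->query('SELECT casual_leave FROM leave_settings WHERE id = 1')->fetchColumn();
    printf("%-12s accepted=%s stored=%s\n", json_encode($input), var_export($ok, true), $stored);
}
```

Only the first input changes the stored value; every other input is rejected before any SQL is prepared, so the row keeps the last accepted value.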