CVE-2023-4548

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 26, 2023
Updated: May 17, 2024
CWE ID 787
CWE ID 120

Summary

CVE-2023-4548 is a critical vulnerability affecting SPA-Cart eCommerce CMS version 1.9.0.3. The issue lies within the GET Parameter Handler component of the /search file, which is susceptible to SQL injection. Attackers can exploit this vulnerability by manipulating the filter[brandid] argument to gain unauthorized access. This attack can be initiated remotely, making it a significant security risk. The associated identifier for this vulnerability is VDB-238059.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share