CVE-2023-4548
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 26, 2023
Updated: May 17, 2024
CWE ID 787
CWE ID 120
Summary
CVE-2023-4548 is a critical vulnerability affecting SPA-Cart eCommerce CMS version 1.9.0.3. The issue lies within the GET Parameter Handler component of the /search file, which is susceptible to SQL injection. Attackers can exploit this vulnerability by manipulating the filter[brandid] argument to gain unauthorized access. This attack can be initiated remotely, making it a significant security risk. The associated identifier for this vulnerability is VDB-238059.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Shenzhen Tenda Technology Co. Ltd