CVE-2023-46581

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 14, 2023
Updated: Nov 17, 2023
CWE ID 89

Summary

CVE-2023-46581 is a SQL injection vulnerability found in the Inventory Management v.1.0 software. This vulnerability allows a local attacker to execute arbitrary code by manipulating the name, uname, and email parameters in the registration.php component. The affected product is 't0TPsV'. The vulnerability has a base severity rating of MEDIUM and a base score of 5.5 according to NIST. The exploitability score is 1.8, and the privileges required for exploitation are low. The impact on confidentiality is high, while integrity impact is none. The vulnerability poses a potential danger to organizations as it could lead to unauthorized code execution and potential data breaches. It is recommended that organizations update their Inventory Management software to address this vulnerability promptly.

Note: Some information is missing or unclear in the provided text, making it difficult to provide a complete analysis.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46581 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options