CVE-2023-46581

Summary

CVE-2023-46581 is a SQL injection vulnerability found in the Inventory Management v.1.0 software. This vulnerability allows a local attacker to execute arbitrary code by manipulating the name, uname, and email parameters in the registration.php component. The affected product is 't0TPsV'. The vulnerability has a base severity rating of MEDIUM and a base score of 5.5 according to NIST. The exploitability score is 1.8, and the privileges required for exploitation are low. The impact on confidentiality is high, while integrity impact is none. The vulnerability poses a potential danger to organizations as it could lead to unauthorized code execution and potential data breaches. It is recommended that organizations update their Inventory Management software to address this vulnerability promptly. Note: Some information is missing or unclear in the provided text, making it difficult to provide a complete analysis.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.