CVE-2023-47609

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 14, 2023
Updated: Nov 17, 2023
CWE ID 89

Summary

CVE-2023-47609 is a SQL injection vulnerability affecting older versions of OSS Calendar (before v2.0.3). This issue enables remote, authenticated attackers to execute arbitrary code or manipulate data stored in the calendar's database by crafting malicious SQL queries. Successful exploitation could result in unauthorized access to sensitive information or even system takeover. Users are advised to update their OSS Calendar installations promptly to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share