CVE-2023-48864

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 10, 2024
Updated: Jan 17, 2024
CWE ID 89

Summary

CVE-2023-48864 is a newly discovered SQL injection vulnerability affecting SEMCMS version 4.8. The weakness lies in the languageID parameter found in the /web_inc.php file, which an attacker can exploit to inject malicious SQL commands and potentially gain unauthorized access to sensitive data or even take control of the affected system. This issue poses a serious security risk and requires immediate attention from users of SEMCMS v4.8 to apply the necessary patches or upgrades to mitigate the threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share