CVE-2023-50846

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 89

Summary

CVE-2023-50846 is a newly discovered SQL Injection vulnerability that affects the RegistrationMagic suite of plugins, including Custom Registration Forms, User Registration, Payment, and User Login. The vulnerability stems from the improper neutralization of special elements found in SQL commands. This issue can be exploited to execute malicious SQL queries, potentially leading to unauthorized access to user data, modification of database content, or even database server takeover. The affected versions range from n/a to 5.2.4.5. Users are advised to update their plugins to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share