CVE-2023-50846
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2023-50846 is a newly discovered SQL Injection vulnerability that affects the RegistrationMagic suite of plugins, including Custom Registration Forms, User Registration, Payment, and User Login. The vulnerability stems from the improper neutralization of special elements found in SQL commands. This issue can be exploited to execute malicious SQL queries, potentially leading to unauthorized access to user data, modification of database content, or even database server takeover. The affected versions range from n/a to 5.2.4.5. Users are advised to update their plugins to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.