CVE-2023-52082

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 89

Summary

CVE-2023-52082 is an SQL injection vulnerability in the Lychee photo management tool, affecting versions prior to 5.0.2. It can be triggered when using the mysql or mariadb bindings, and only under specific conditions: the `.env` settings `DB_LOG_SQL` and `DB_LOG_SQL_EXPLAIN` must be set to true. The patch for this vulnerability is available in version 5.0.2. To mitigate the risk, disable SQL EXPLAIN logging.
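The conditions above can be checked directly against a deployment's `.env` file. The following is an added example, not code from Lychee or from this advisory; it assumes `DB_CONNECTION` is the Laravel key that selects the database binding and conservatively treats any value other than an explicit "off" literal as enabled.

```python
# Added example: audit a Lychee .env for the CVE-2023-52082 precondition.
# Assumptions: DB_CONNECTION is the Laravel key that selects the binding, and
# any value that is not an explicit "off" literal counts as enabled.
OFF_VALUES = {"", "false", "(false)", "0", "null", "(null)", "off", "no"}
AFFECTED_BINDINGS = {"mysql", "mariadb"}

# Constructed sample input, not taken from a real deployment.
SAMPLE_ENV = """\
# database
DB_CONNECTION="mariadb"
DB_LOG_SQL=true
DB_LOG_SQL_EXPLAIN=true   # left on after debugging
"""


def parse_env(text):
    """Parse KEY=VALUE lines, dropping comments and surrounding quotes."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if value[:1] in ("'", '"'):
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            value = value.split(" #", 1)[0].strip()
        settings[key.strip()] = value
    return settings


def enabled(settings, key):
    return settings.get(key, "").strip().lower() not in OFF_VALUES


def audit(text):
    """Return (status, reason) for the settings the advisory names."""
    s = parse_env(text)
    if not (enabled(s, "DB_LOG_SQL") and enabled(s, "DB_LOG_SQL_EXPLAIN")):
        return "ok", "SQL EXPLAIN logging is not active"
    if s.get("DB_CONNECTION", "").lower() in AFFECTED_BINDINGS:
        return "exposed", "set DB_LOG_SQL_EXPLAIN=false or upgrade to 5.0.2"
    return "review", "EXPLAIN logging is on; confirm the database binding"


if __name__ == "__main__":
    print(audit(SAMPLE_ENV))
```

A result of `review` means both logging settings are on but the binding could not be confirmed as mysql or mariadb from the file alone.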
