CVE-2023-26443

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 2, 2023

Updated: Jan 12, 2024

CWE ID 89

Summary

CVE-2023-26443 is a vulnerability affecting full-text autocomplete search features. It allows user-supplied SQL syntax to be injected into SQL statements, potentially leading to benign SQL exceptions or, in some cases, escalating to a malicious SQL injection attack. Although existing sanitization measures are in place, the vulnerability could be exploited to manipulate data or gain unauthorized access. This issue has been addressed by properly encoding single quotes for SQL FULLTEXT queries, and currently, no public exploits are known.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Open-xchange Appsuite Backend

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sMqjUA
https://www.cve.org/CVERecord?id=CVE-2023-26443
https://nvd.nist.gov/vuln/detail/CVE-2023-26443

Back to Vulnerability Database

CVE-2023-26443

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations