CVE-2023-26454

Summary

CVE-2023-26454 is a vulnerability in an image converter service where requests for image metadata can be manipulated to include SQL queries, which are executed without proper checks. This issue can lead to arbitrary SQL statements being executed in the context of the service's database user account. Access to adjacent networks is required to exploit this vulnerability, as it is not publicly exposed by default. The service has now implemented checks to validate API requests and logs attempts to bypass these checks as errors. No publicly available exploits for this vulnerability have been reported.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.