CVE-2023-2760

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 17, 2023

Updated: Aug 9, 2023

CWE ID 22

Summary

CVE-2023-2760 is a newly identified SQL injection vulnerability affecting TapHome's HandleMessageUpdateDevicePropertiesRequest function, which exists in versions prior to 2023.2. This weakness enables low-privileged users to inject malicious SQL directives into an SQL query. Consequences of exploitation include the execution of arbitrary SQL commands, granting full reading access, as well as limited write access, and temporary Denial-of-Service.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Linkis

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/qxWWdz
https://www.cve.org/CVERecord?id=CVE-2023-2760
https://nvd.nist.gov/vuln/detail/CVE-2023-2760

Back to Vulnerability Database