CVE-2023-31944

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 17, 2023

Updated: Aug 18, 2023

CWE ID 89

Summary

CVE-2023-31944 is a newly identified SQL injection vulnerability. Hackers can exploit this weakness in the Online Travel Agency System v.1.0 by inputting malicious SQL commands through the emp_id parameter in the employee_edit.php file. Successful exploitation lets attackers execute arbitrary code remotely. This vulnerability poses a serious threat, as it could lead to sensitive data theft, unauthorized system access, or even complete system takeover. System administrators are urged to patch this issue immediately to avoid potential security risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sYR5yU
https://www.cve.org/CVERecord?id=CVE-2023-31944
https://nvd.nist.gov/vuln/detail/CVE-2023-31944

Back to Vulnerability Database

CVE-2023-31944

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations