CVE-2023-31945

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 17, 2023

Updated: Aug 18, 2023

CWE ID 89

Summary

CVE-2023-31945 is a newly discovered SQL injection vulnerability affecting the Online Travel Agency System v.1.0. An attacker can exploit this issue by manipulating the id parameter in the daily_expenditure_edit.php file, enabling them to inject and execute malicious SQL commands. This could potentially lead to unauthorized data access or modification, and even the execution of arbitrary code, posing a significant risk to system security. It is highly recommended that affected organizations apply the necessary patches or updates to mitigate this vulnerability promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sYS7Ut
https://www.cve.org/CVERecord?id=CVE-2023-31945
https://nvd.nist.gov/vuln/detail/CVE-2023-31945

Back to Vulnerability Database

CVE-2023-31945

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations