CVE-2023-33367

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 5, 2023

Updated: Aug 9, 2023

CWE ID 89

Summary

CVE-2023-33367 is a SQL injection vulnerability affecting Control ID IDSecure version 4.7.26.0 and older. Malicious actors can exploit this flaw to write PHP files in the server's root directory, effectively gaining remote code execution rights without authentication. This vulnerability poses a significant risk, as it allows attackers to execute arbitrary code and potentially take full control of the affected system. System administrators are strongly advised to update their IDSecure installations to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ASSA ABLOY AB

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sOfDH2
https://www.cve.org/CVERecord?id=CVE-2023-33367
https://nvd.nist.gov/vuln/detail/CVE-2023-33367

Back to Vulnerability Database

CVE-2023-33367

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations