CVE-2023-33478

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 7, 2023

Updated: Nov 14, 2023

CWE ID 89

Summary

CVE-2023-33478 is a newly disclosed SQL injection vulnerability affecting RemoteClinic 2.0. Hackers can exploit this weakness by manipulating the ID parameter in the URL of the /medicines/stocks.php file. Successful attacks could allow unauthorized access to sensitive data or enable malicious code execution within the application's database. Users are advised to install the available patch as soon as possible to protect against potential threats. This vulnerability underscores the importance of input validation and sanitization in web applications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tT1iIG
https://www.cve.org/CVERecord?id=CVE-2023-33478
https://nvd.nist.gov/vuln/detail/CVE-2023-33478

Back to Vulnerability Database

CVE-2023-33478

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations