CVE-2023-33592

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 28, 2023

Updated: Sep 25, 2023

CWE ID 89

Summary

CVE-2023-33592: A SQL injection vulnerability has been identified in the Lost and Found Information System v1.0. This issue can be exploited through the component /php-lfis/admin/?page=system_info/contact_information. An attacker can manipulate SQL queries to gain unauthorized access to sensitive data or even take control of the system. Users are advised to apply the necessary patches or updates to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rpQqI8
https://www.cve.org/CVERecord?id=CVE-2023-33592
https://nvd.nist.gov/vuln/detail/CVE-2023-33592

Back to Vulnerability Database

CVE-2023-33592

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations