CVE-2023-34249

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 13, 2023

Updated: Jun 23, 2023

CWE ID 89

Summary

CVE-2023-34249 is a newly identified SQL Injection vulnerability affecting benjjvi's open-source bulletin board software, PyBB. Before the commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, the software failed to sanitize user queries, leaving it susceptible to SQL Injection attacks. This issue has been rectified in the aforementioned commit. As a temporary measure, users can manually update the software to mitigate the risk of exploitation by sanitizing their queries to the `BulletinDatabaseModule.py` file.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/roIIcz
https://www.cve.org/CVERecord?id=CVE-2023-34249
https://nvd.nist.gov/vuln/detail/CVE-2023-34249

Back to Vulnerability Database

CVE-2023-34249

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations