CVE-2023-35072

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 5, 2023

Updated: Sep 11, 2023

CWE ID 89

Summary

CVE-2023-35072 is a newly discovered SQL Injection vulnerability affecting Coyav Travel Proagent. Hackers can exploit this issue, which occurs before version 20230904, by introducing malicious SQL commands. This vulnerability stems from improper neutralization of special elements in SQL commands, putting SQL databases at risk of unauthorized access, data theft, or modification.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rzlEpb
https://www.cve.org/CVERecord?id=CVE-2023-35072
https://nvd.nist.gov/vuln/detail/CVE-2023-35072

Back to Vulnerability Database

CVE-2023-35072

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations