CVE-2023-36076

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 1, 2023

Updated: Sep 7, 2023

CWE ID 89

Summary

CVE-2023-36076 is a newly disclosed SQL Injection vulnerability affecting smanga version 3.1.9 and older. This issue permits remote attackers to execute arbitrary code and extract sensitive information by manipulating the mediaId, mangaId, and userId parameters in the php/history/add.php file. Successful exploitation can lead to unauthorized access to user data and potentially serious security breaches. Users are urged to update their smanga installation as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sh6aYp
https://www.cve.org/CVERecord?id=CVE-2023-36076
https://nvd.nist.gov/vuln/detail/CVE-2023-36076

Back to Vulnerability Database

CVE-2023-36076

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations