CVE-2023-36652

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Dec 13, 2023

CWE ID 89

Summary

CVE-2023-36652 is a SQL Injection vulnerability affecting the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2. This issue allows authenticated attackers to inject SQL commands into the search parameter and gain unauthorized access to database data. The vulnerability could potentially lead to the exposure of sensitive information or data manipulation, posing a significant security risk to affected systems. ProLion is advised to apply the necessary patches to mitigate this issue promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ProLion CryptoSpike

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rx65S5
https://www.cve.org/CVERecord?id=CVE-2023-36652
https://nvd.nist.gov/vuln/detail/CVE-2023-36652

Back to Vulnerability Database

CVE-2023-36652

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations