CVE-2023-37847

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 14, 2023

Updated: Aug 18, 2023

CWE ID 89

Summary

CVE-2023-37847 is a newly disclosed vulnerability affecting novel-plus version 3.6.2. An attacker can exploit this SQL injection flaw to gain unauthorized access to sensitive data or even take control of the affected system. The vulnerability occurs due to insufficient input validation, allowing malicious SQL statements to be injected into the application's queries. Users are strongly advised to upgrade to the latest, secure version of the software as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r8dO85
https://www.cve.org/CVERecord?id=CVE-2023-37847
https://nvd.nist.gov/vuln/detail/CVE-2023-37847

Back to Vulnerability Database

CVE-2023-37847

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations