CVE-2023-37966

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 31, 2023
Updated: Nov 8, 2023
CWE ID 89

Summary

CVE-2023-37966 is a newly disclosed SQL Injection vulnerability affecting the User Activity Log component of Solwin Infotech from version n/a through 1.6.2. An attacker can exploit this vulnerability by injecting malicious SQL commands, potentially leading to unauthorized access, data theft, or system damage. The vulnerability arises due to improper neutralization of special elements used in an SQL command. Organizations using the affected version of User Activity Log are urged to apply the necessary security patches as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Solwininfotech User Activity Log

Affected Vendors

  • Solwin Infotech