CVE-2023-3873

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 25, 2023

Updated: May 17, 2024

CWE ID 400

CWE ID 20

Summary

CVE-2023-3873 is a critical vulnerability discovered in the Campcodes Beauty Salon Management System 1.0. This issue stems from an unsecured processing of the /admin/index.php file, which is susceptible to SQL injection. By manipulating the argument "username," an attacker can inject malicious SQL code, potentially gaining unauthorized access to sensitive data. The vulnerability can be exploited remotely, and the associated exploit has been made public, increasing the risk for potential attacks. The identifier for this vulnerability is VDB-235235.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sGxgt2
https://www.cve.org/CVERecord?id=CVE-2023-3873
https://nvd.nist.gov/vuln/detail/CVE-2023-3873

Back to Vulnerability Database

CVE-2023-3873

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations