CVE-2023-38839

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 18, 2023

Updated: Aug 23, 2023

CWE ID 89

Summary

CVE-2023-38839 is a newly-discovered SQL injection vulnerability affecting the Kidus Minimati version 1.0.0. An attacker can exploit this flaw by manipulating the ID parameter in the fulldelete.php component to inject malicious SQL queries and gain unauthorized access to sensitive information. Successful exploitation of this vulnerability may lead to the leakage of confidential data, putting organizations using the Kidus Minimati software at risk. It is imperative that users update their software to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Kid &Us

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sG6uJc
https://www.cve.org/CVERecord?id=CVE-2023-38839
https://nvd.nist.gov/vuln/detail/CVE-2023-38839

Back to Vulnerability Database

CVE-2023-38839

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations