CVE-2023-38890

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 18, 2023
Updated: Nov 14, 2023
CWE ID 89

Summary

CVE-2023-38890 is a newly disclosed SQL injection vulnerability (CWE-89) affecting Online Shopping Portal Project 3.1. Remote attackers can execute arbitrary SQL commands through the login form because input in the username field is insufficiently validated. The vulnerability requires no authentication and can be exploited remotely. Successful attacks could result in unauthorized access to the system and manipulation of data, posing a significant risk to data security. Users of Online Shopping Portal Project 3.1 should apply the necessary security patches as soon as possible to mitigate this risk.
