CVE-2023-38899

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 21, 2023

Updated: Aug 24, 2023

CWE ID 89

Summary

CVE-2023-38899 represents a critical SQL injection vulnerability in the berkaygediz O_Blog version 1.0. An attacker who has local access can exploit this flaw and manipulate SQL statements to escalate privileges. By interacting with the secure_file_priv component, an adversary can gain elevated access rights, potentially resulting in significant data compromise or system takeover. This vulnerability poses a substantial risk and requires immediate remediation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG60AL
https://www.cve.org/CVERecord?id=CVE-2023-38899
https://nvd.nist.gov/vuln/detail/CVE-2023-38899

Back to Vulnerability Database

CVE-2023-38899

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations