CVE-2023-39016

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 28, 2023

Updated: Jul 30, 2024

CWE ID 94

Summary

CVE-2023-39016 is a newly identified code injection vulnerability affecting bboss-persistent version 6.0.9 and below. The issue lies in the component com.frameworkset.common.poolman.util.SQLManager.createPool, where an unchecked argument can be exploited to inject malicious SQL code. Successful exploitation could result in unauthorized access to sensitive data or the ability to execute arbitrary SQL statements. Users are strongly advised to update to a patched version of bboss-persistent as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG6nk7
https://www.cve.org/CVERecord?id=CVE-2023-39016
https://nvd.nist.gov/vuln/detail/CVE-2023-39016

Back to Vulnerability Database

CVE-2023-39016

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations