CVE-2023-39344

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 4, 2023

Updated: Aug 10, 2023

CWE ID 89

Summary

CVE-2023-39344 is a SQL injection vulnerability affecting the social-media-skeleton project. Attackers can exploit this uncompleted social media platform to inject malicious SQL commands using UNION statements. Successful attacks may result in remote code execution. The vulnerability can be traced back to commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1, which contains a reported fix for this issue. Users of social-media-skeleton are encouraged to apply the patch as soon as possible to mitigate the risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sJX4Ti
https://www.cve.org/CVERecord?id=CVE-2023-39344
https://nvd.nist.gov/vuln/detail/CVE-2023-39344

Back to Vulnerability Database

CVE-2023-39344

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations