CVE-2023-39641

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 15, 2023

Updated: Sep 20, 2023

CWE ID 89

Summary

CVE-2023-39641 is a newly disclosed SQL injection vulnerability affecting the Active Design psaffiliate software before version 1.9.8. The issue lies within the PsaffiliateGetaffiliatesdetailsModuleFrontController's initContent() function, which can be exploited by an attacker to inject malicious SQL queries and potentially gain unauthorized access to sensitive data. This vulnerability poses a significant risk and requires immediate attention from users running affected versions of the psaffiliate software. It is essential to apply the appropriate patches or upgrades to mitigate the risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sP2Uie
https://www.cve.org/CVERecord?id=CVE-2023-39641
https://nvd.nist.gov/vuln/detail/CVE-2023-39641

Back to Vulnerability Database

CVE-2023-39641

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations