CVE-2023-39652

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 28, 2023

Updated: Sep 1, 2023

CWE ID 89

Summary

CVE-2023-39652: A SQL injection vulnerability was identified in the TvcmsVideoTab component of the Volty Theme (up to version 4.0.0) by the TvcmsVideoTabConfirmDeleteModuleFrontController::run() function. This issue allows attackers to inject malicious SQL queries and potentially gain unauthorized access to sensitive data or make unintended modifications to the underlying database. Users are strongly advised to apply the necessary patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sP2VxO
https://www.cve.org/CVERecord?id=CVE-2023-39652
https://nvd.nist.gov/vuln/detail/CVE-2023-39652

Back to Vulnerability Database

CVE-2023-39652

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations