CVE-2023-39805

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 10, 2023

Updated: Aug 15, 2023

CWE ID 89

Summary

CVE-2023-39805 is a newly identified SQL injection vulnerability affecting version 7.0.16 of iCMS. An attacker can exploit this flaw by injecting malicious SQL code through the "where" parameter in the admincp.php file. This vulnerability poses a significant risk, as SQL injection attacks can grant unauthorized access to sensitive data or even allow an attacker to take control of the affected system. It is recommended that users of iCMS version 7.0.16 apply the latest security patch as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sP2Lhb
https://www.cve.org/CVERecord?id=CVE-2023-39805
https://nvd.nist.gov/vuln/detail/CVE-2023-39805

Back to Vulnerability Database

CVE-2023-39805

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations