CVE-2023-40609

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 6, 2023
Updated: Nov 10, 2023
CWE ID 89

Summary

CVE-2023-40609 is a vulnerability affecting Contact form 7 Custom validation in Aiyaz, where improper neutralization of special elements in an SQL command allows SQL Injection. This issue exists from version n/a through 1.1.3, potentially exposing databases to unauthorized access or manipulation. Attackers can exploit this vulnerability to execute malicious SQL commands and gain unauthorized access to sensitive information. Users are advised to update their Contact form 7 Custom validation to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share