CVE-2023-41623

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 12, 2023

Updated: Dec 14, 2023

CWE ID 89

Summary

CVE-2023-41623 is a newly discovered SQL injection vulnerability affecting Emlog version pro2.1.14. The issue lies in the /admin/media.php file, where the uid parameter is susceptible to malicious SQL injection attacks. An unauthorized user can exploit this vulnerability to gain unauthorized access to sensitive data or even execute administrative commands on the affected system. This issue poses a significant risk to websites using the vulnerable Emlog version and requires immediate patching to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Emlog

Affected Vendors

EM Log

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sgK7Wo
https://www.cve.org/CVERecord?id=CVE-2023-41623
https://nvd.nist.gov/vuln/detail/CVE-2023-41623

Back to Vulnerability Database