CVE-2023-43364

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 12, 2023

Updated: Dec 14, 2023

CWE ID 74

Summary

CVE-2023-43364 is a vulnerability affecting the Searchor software before version 2.4.2. The issue lies in the main.py file, which employs the `eval` function on command-line input. This could potentially lead to unexpected code execution, posing a significant security risk. Attackers could exploit this flaw by providing malicious input to gain unauthorized access or execute malicious commands on the targeted system. Users are urged to upgrade to the latest version of Searchor to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/suOzdc
https://www.cve.org/CVERecord?id=CVE-2023-43364
https://nvd.nist.gov/vuln/detail/CVE-2023-43364

Back to Vulnerability Database

CVE-2023-43364

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations