CVE-2023-4531

CVSS 3.1 Score 9.8 of 10 (high)

Attack Complexity low
Confidentiality high
Integrity high
Availability high
Scope unchanged
Privileges Required none

Details

Published Sep 5, 2023
Updated: Sep 8, 2023
CWE ID 94

Summary

CVE-2023-4531 is a significant SQL Injection vulnerability affecting Mestav Software's E-commerce Software versions before 20230901. Malicious actors can exploit this issue by improperly neutralizing special elements in SQL commands, potentially gaining unauthorized access to sensitive data or making destructive changes to the database. The risk of exploitation increases if the software is not patched promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share