CVE-2023-46435

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 26, 2023

Updated: Oct 30, 2023

CWE ID 89

Summary

CVE-2023-46435: Sourcecodester's Packers and Movers Management System version 1.0 contains an SQL injection vulnerability. An attacker can exploit this issue by manipulating the 'id' parameter in the URL 'mpms/?p=services/view_service&id=' to inject malicious SQL queries. This may lead to unauthorized access to sensitive data or even system takeover. Users are strongly advised to update the system to a secure version as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tGo3ue
https://www.cve.org/CVERecord?id=CVE-2023-46435
https://nvd.nist.gov/vuln/detail/CVE-2023-46435

Back to Vulnerability Database

CVE-2023-46435

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations