CVE-2023-46677

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 7, 2023

Updated: Nov 13, 2023

CWE ID 89

Summary

CVE-2023-46677 affects the Online Job Portal v1.0, where the 'sign-up.php' resource contains unvalidated SQL input in the 'txt_uname' parameter. This vulnerability allows an attacker to inject malicious SQL queries, which can result in unauthorized access, data theft, or server compromise. No validation checks are implemented on user input, making it easy for attackers to exploit this unauthenticated SQL injection flaw.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tIwVIJ
https://www.cve.org/CVERecord?id=CVE-2023-46677
https://nvd.nist.gov/vuln/detail/CVE-2023-46677

Back to Vulnerability Database

CVE-2023-46677

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations