CVE-2023-4671

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 28, 2023

Updated: Jan 4, 2024

CWE ID 117

Summary

CVE-2023-4671 is a critical SQL Injection vulnerability in Talent Software ECOP. An attacker can exploit this issue, which affects versions before 32255, by neutralizing special elements in SQL commands. Successful exploitation grants the attacker command line execution rights. This vulnerability poses a significant risk, as it can lead to unauthorized system access and data manipulation. It is imperative that users of ECOP upgrade to a patched version to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FortiWeb
Fortinet FortiMail

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tIwWJB
https://www.cve.org/CVERecord?id=CVE-2023-4671
https://nvd.nist.gov/vuln/detail/CVE-2023-4671

Back to Vulnerability Database