CVE-2023-46787

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 7, 2023

Updated: Nov 13, 2023

CWE ID 89

Summary

CVE-2023-46787: Online Matrimonial Project v1.0 contains unauthenticated SQL injection vulnerabilities. The 'username' parameter of the 'auth/auth.php' resource fails to validate user input, allowing malicious characters to be directly sent to the database. This flaw could potentially lead to unauthorized access, data theft, or server compromise. Users are advised to update their software or apply relevant patches as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tJohAQ
https://www.cve.org/CVERecord?id=CVE-2023-46787
https://nvd.nist.gov/vuln/detail/CVE-2023-46787

Back to Vulnerability Database

CVE-2023-46787

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations