CVE-2023-46788

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 7, 2023

Updated: Nov 13, 2023

CWE ID 89

Summary

CVE-2023-46788: Online Matrimonial Project v1.0 contains unauthenticated SQL injection vulnerabilities. The 'uploadphoto()' function in the 'functions.php' resource fails to validate user input on the 'id' parameter, allowing attackers to inject malicious SQL commands directly into the database. This can lead to unauthorized data access, modification, or disclosure. Attackers can exploit this vulnerability by sending specially crafted requests to manipulate or extract sensitive information from the database. Users of the affected software are advised to apply the necessary patches or upgrades to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tJoheR
https://www.cve.org/CVERecord?id=CVE-2023-46788
https://nvd.nist.gov/vuln/detail/CVE-2023-46788

Back to Vulnerability Database

CVE-2023-46788

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations