CVE-2023-4872

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Sep 10, 2023

Updated: May 17, 2024

CWE ID 121

Summary

CVE-2023-4872 is a critical vulnerability identified in the SourceCodester Contact Manager App 1.0. This issue is linked to the processing of the file add.php, where an sql injection vulnerability exists. The flaw can be triggered by manipulating the argument contact/contactName. An attacker can exploit this remotely, gaining unauthorized access to sensitive data. The vulnerability has been disclosed to the public, increasing the risk of exploitation. Vulnerability Database (VDB) has assigned the identifier VDB-239357 to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tpdRZu
https://www.cve.org/CVERecord?id=CVE-2023-4872
https://nvd.nist.gov/vuln/detail/CVE-2023-4872

Back to Vulnerability Database

CVE-2023-4872

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations