CVE-2023-49006

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 19, 2023

Updated: Jan 2, 2024

CWE ID 352

Summary

CVE-2023-49006 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Phpsysinfo version 3.4.3. An attacker can exploit this issue by crafting a malicious page in the XML.php file to trick a user into making unintended requests, potentially resulting in the theft of sensitive information. This vulnerability allows attackers to bypass user authentication and perform actions on behalf of the user, making it a significant security risk. Phpsysinfo users are urged to upgrade to a patched version to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tfGig-
https://www.cve.org/CVERecord?id=CVE-2023-49006
https://nvd.nist.gov/vuln/detail/CVE-2023-49006

Back to Vulnerability Database

CVE-2023-49006

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations