CVE-2023-49665

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 4, 2024

Updated: Jan 10, 2024

CWE ID 89

Summary

CVE-2023-49665 is a vulnerability affecting Billing Software v1.0. This issue allows for unauthenticated SQL injection attacks due to insufficient input validation. The 'quantity[]' parameter in the 'submit_delivery_list.php' resource does not filter user input, enabling attackers to manipulate SQL queries and potentially gain unauthorized access to sensitive data. This vulnerability poses a significant risk to organizations using the affected software, making it crucial to apply the necessary patches or updates as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

billing software

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tmlz3W
https://www.cve.org/CVERecord?id=CVE-2023-49665
https://nvd.nist.gov/vuln/detail/CVE-2023-49665

Back to Vulnerability Database

CVE-2023-49665

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations