CVE-2023-49708

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 14, 2023

Updated: Dec 19, 2023

CWE ID 89

Summary

CVE-2023-49708 refers to a SQL injection vulnerability discovered in the Starshop component for Joomla. Malicious actors can exploit this flaw to gain unauthorized access to sensitive data or execute malicious SQL statements, potentially leading to site takeover or data breaches. The vulnerability occurs due to insufficient input validation and sanitization of user-supplied data, putting Joomla websites utilizing the Starshop component at risk. Users are advised to apply the available patch or update the component immediately to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tnxbj0
https://www.cve.org/CVERecord?id=CVE-2023-49708
https://nvd.nist.gov/vuln/detail/CVE-2023-49708

Back to Vulnerability Database

CVE-2023-49708

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations