CVE-2023-51048

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 21, 2023

Updated: Dec 27, 2023

CWE ID 89

Summary

CVE-2023-51048 is a newly discovered vulnerability affecting S-CMS version 5.0. An SQL injection flaw was found in the /admin/ajax.php file, specifically in the A_newsauth parameter. Successful exploitation of this vulnerability allows an attacker to execute malicious SQL queries on the underlying database, potentially leading to unauthorized access, data theft, or system compromise. Administrators are strongly urged to upgrade to a patched version of S-CMS as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t1yEda
https://www.cve.org/CVERecord?id=CVE-2023-51048
https://nvd.nist.gov/vuln/detail/CVE-2023-51048

Back to Vulnerability Database

CVE-2023-51048

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations