CVE-2023-52286

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 31, 2023

Updated: Jan 5, 2024

Summary

CVE-2023-52286 refers to a vulnerability in Tencent's tdsqlpcloud before version 1.8.5. This issue enables unauthenticated remote attackers to retrieve database credentials through a specially crafted request to the /api/install/get_db_info endpoint of index.php. This vulnerability is related to CVE-2023-42387, but the exact nature of the connection is not clear from the provided information. Attackers can exploit this weakness to gain unauthorized access to Tencent cloud databases, leading to potential data breaches and other cybersecurity threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Tencent Holdings Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t-ljj0
https://www.cve.org/CVERecord?id=CVE-2023-52286
https://nvd.nist.gov/vuln/detail/CVE-2023-52286

Back to Vulnerability Database

CVE-2023-52286

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations