CVE-2023-6772

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 13, 2023

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2023-6772 is a critical vulnerability discovered in OTCMS 7.01. This issue lies within an unspecified function of the /admin/ind_backstage.php file. An attacker can exploit this vulnerability by manipulating the sqlContent argument, resulting in sql injection. The attack can be executed remotely, making it a significant threat. The exploit for this vulnerability, identified as VDB-247908, has been disclosed to the public, increasing the risk of potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tyqspf
https://www.cve.org/CVERecord?id=CVE-2023-6772
https://nvd.nist.gov/vuln/detail/CVE-2023-6772

Back to Vulnerability Database

CVE-2023-6772

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations