CVE-2023-7144

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 29, 2023

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2023-7144 is a newly disclosed critical vulnerability that affects gopeak MasterLab up to version 3.3.10. The issue lies in the sqlInject function of the File app/ctrl/framework/Feature.php within the component HTTP POST Request Handler. Maliciously crafted input to the pwd argument can result in sql injection, enabling attackers to execute arbitrary SQL statements and potentially gain unauthorized access. The vulnerability, identified as VDB-249147, has been publicly disclosed, increasing the risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t8wjkV
https://www.cve.org/CVERecord?id=CVE-2023-7144
https://nvd.nist.gov/vuln/detail/CVE-2023-7144

Back to Vulnerability Database

CVE-2023-7144

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations