CVE-2023-7184

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 31, 2023

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2023-7184 is a recently disclosed critical vulnerability affecting the 7-card Fakabao software up to version 1.0_build20230805. The issue lies in an unknown functionality of the file shop/notify.php, where the argument out_trade_no can be manipulated to execute SQL injection. This vulnerability, identified as VDB-249386, has been publicly disclosed, increasing the risk of exploitation. Regrettably, the vendor has not responded to previous disclosure notices regarding this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t-TWLx
https://www.cve.org/CVERecord?id=CVE-2023-7184
https://nvd.nist.gov/vuln/detail/CVE-2023-7184

Back to Vulnerability Database

CVE-2023-7184

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations