PT-2023-25122 · Infodrom · E-Invoice Approval System

Gokhan Uygan

Publicado

2023-07-25

Atualizado

2026-05-22

CVE-2023-35066

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Infodrom Software E-Invoice Approval System versions prior to 20230701

Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks.

Recommendations For versions prior to 20230701, update to version 20230701 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-35066

Produtos afetados

E-Invoice Approval System

PT-2023-25122 · Infodrom · E-Invoice Approval System

CVE-2023-35066

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7