PT-2023-28694 · Election Services Co. · Internet Election Service

Published: 2023-10-10 · Updated: 2024-08-02 · CVE-2023-4309

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Election Services Co. (ESC) Internet Election Service (affected versions not specified)

Description

The issue concerns SQL injection vulnerabilities in multiple pages and parameters of the Election Services Co. (ESC) Internet Election Service. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. The vendor, ESC, has taken mitigation steps by deactivating older and unused elections and enabling web application firewall (WAF) protection for current and future elections.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-4309

Affected Products

Internet Election Service