PT-2023-32645 · Unknown · Voovi Social Networking Script

Rafael Pedrero

Publicado

2023-11-30

Atualizado

2023-12-02

CVE-2023-6414

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Voovi Social Networking Script version 1.0

Description A SQL injection vulnerability has been reported, allowing a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. The issue is exploited via perfil.php in the id and user parameters.

Recommendations For Voovi Social Networking Script version 1.0, as a temporary workaround, consider restricting access to the perfil.php endpoint or sanitizing the id and user parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-6414

Produtos afetados

Voovi Social Networking Script

PT-2023-32645 · Unknown · Voovi Social Networking Script

CVE-2023-6414

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4