CVE-2023-26443

Name of the Vulnerable Software and Affected Versions Software (affected versions not specified)

Description The issue concerns a full-text autocomplete search that allows user-provided SQL syntax to be injected into SQL statements. Despite existing sanitization, this can be exploited to trigger benign SQL exceptions and potentially escalated to a malicious SQL injection. The fix involves properly encoding single quotes for SQL FULLTEXT queries. There are no known publicly available exploits.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.