PT-2023-28694 · Election Services Co. · Internet Election Service
Published: 2023-10-10 · Updated: 2024-08-02 · CVE-2023-4309
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Election Services Co. (ESC) Internet Election Service (affected versions not specified)
Description
The issue concerns SQL injection vulnerabilities in multiple pages and parameters of the Election Services Co. (ESC) Internet Election Service. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. The vendor, ESC, has taken mitigation steps by deactivating older and unused elections and enabling web application firewall (WAF) protection for current and future elections.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Affected Products
Internet Election Service