PT-2023-31084 · Magic Logix · Magic Logix Msync

Mika

Published

2023-12-20

Updated

2023-12-27

CVE-2023-49166

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Magic Logix MSync versions 1.0.0 and earlier

Description The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This vulnerability affects Magic Logix MSync, allowing potential exploitation.

Recommendations For Magic Logix MSync versions 1.0.0 and earlier, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-49166

Affected Products

Magic Logix Msync

PT-2023-31084 · Magic Logix · Magic Logix Msync

CVE-2023-49166

Weakness Enumeration

Related Identifiers

Affected Products

References · 6