PT-2023-32644 · Unknown · Voovi Social Networking Script

Rafael Pedrero

Published

2023-11-30

Updated

2023-12-02

CVE-2023-6413

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Voovi Social Networking Script version 1.0

Description A SQL injection vulnerability has been reported, affecting the photos.php endpoint in the id and user parameters. This could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.

Recommendations For Voovi Social Networking Script version 1.0, consider disabling access to the photos.php endpoint or restricting the use of the id and user parameters until a patch is available. As a temporary workaround, restrict access to the photos.php endpoint to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-6413

Affected Products

Voovi Social Networking Script

PT-2023-32644 · Unknown · Voovi Social Networking Script

CVE-2023-6413

Weakness Enumeration

Related Identifiers

Affected Products

References · 5