PT-2023-32645 · Unknown · Voovi Social Networking Script

Rafael Pedrero

Published

2023-11-30

Updated

2023-12-02

CVE-2023-6414

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Voovi Social Networking Script version 1.0

Description A SQL injection vulnerability has been reported, allowing a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application. The issue is exploited via perfil.php in the id and user parameters.

Recommendations For Voovi Social Networking Script version 1.0, as a temporary workaround, consider restricting access to the perfil.php endpoint or sanitizing the id and user parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-6414

Affected Products

Voovi Social Networking Script

PT-2023-32645 · Unknown · Voovi Social Networking Script

CVE-2023-6414

Weakness Enumeration

Related Identifiers

Affected Products

References · 4