PT-2023-32647 · Unknown · Voovi Social Networking Script
Rafael Pedrero
·
Published
2023-11-30
·
Updated
2023-12-02
·
CVE-2023-6416
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Voovi Social Networking Script version 1.0
Description
A SQL injection vulnerability has been reported, affecting the signup2.php file through the
emailadd parameter. This could allow a remote attacker to send a specially crafted SQL query to the server, potentially retrieving all stored application information.Recommendations
For Voovi Social Networking Script version 1.0, consider restricting access to the signup2.php file or the
emailadd parameter until a patch is available. As a temporary workaround, avoid using the emailadd parameter in the affected API endpoint until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Voovi Social Networking Script