PT-2023-32649 · Unknown · Voovi Social Networking Script
Rafael Pedrero
·
Published
2023-11-30
·
Updated
2023-12-02
·
CVE-2023-6418
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Voovi Social Networking Script version 1.0
Description
A SQL injection vulnerability has been reported, affecting the videos.php endpoint in the
id parameter. This could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.Recommendations
For version 1.0, consider disabling access to the videos.php endpoint or restricting the use of the
id parameter until a patch is available. As a temporary workaround, avoid using the id parameter in the videos.php endpoint to minimize the risk of exploitation.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Voovi Social Networking Script