Lucene search

INCIBECVELIST:CVE-2023-6411

HistoryNov 30, 2023 - 1:10 p.m.

CVE-2023-6411 SQL injection in Voovi Social Networking Script

2023-11-3013:10:57

CWE-89

INCIBE

www.cve.org

cve-2023-6411

sql injection

voovi social networking script

version 1.0

home.php

update parameter

remote attacker

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Voovi Social Networking Script",
    "vendor": "Voovi Social Networking Script",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-voovi-social-networking-script

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for CVELIST:CVE-2023-6411