CVE-2023-43640
CVE-2023-43640 describes an SQL injection in TaxonWorks prior to version 0.34.0, reported to allow authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table), leading to information disclosure. The fixed version is 0.34.0. Connected sources corrobor...