Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7161-3e7c9-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2023-06-16T00:00:00
Updated: 2023-06-16T00:00:00
Reserved: 2023-05-15T00:00:00
Link: CVE-2023-32754
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-16T04:15:13.947
Modified: 2023-06-30T07:38:14.497
Link: CVE-2023-32754
JSON object: View
Redhat Information
No data.
CWE