← Zuruck zu CVEs
CVE-2023-4309
CRITICAL10.0
Beschreibung
Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.
CVE Details
CVSS v3.1 Bewertung10.0
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/10/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
electionservicesco:internet_election_service
Schwachen (CWE)
CWE-89CWE-89
Referenzen
https://schemasecurity.co/private-elections.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.electionservicesco.com/pages/services_internet.php(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.youtube.com/watch?v=yeG1xZkHc64(9119a7d8-5eab-497f-8521-727c672e3725)
https://schemasecurity.co/private-elections.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://www.electionservicesco.com/pages/services_internet.php(af854a3a-2127-422b-91ae-364da2661108)
https://www.youtube.com/watch?v=yeG1xZkHc64(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.