CVE-2023-39980: MXsecurity Authenticated Information Disclosure Due to SQL Injection
First published: Sat Sep 02 2023(Updated: )
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.
Credit: psirt@moxa.com psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Mxsecurity | <=1.0.1 |
Remedy
Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below. * MXsecurity: Please upgrade to software v1.1.0 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39980?
CVE-2023-39980 is a vulnerability that allows the unauthorized disclosure of authenticated information in MXsecurity versions prior to v1.0.1.
How can remote attackers exploit CVE-2023-39980?
Remote attackers can exploit CVE-2023-39980 by altering SQL commands due to incorrect neutralization of special elements.
Which software versions are affected by CVE-2023-39980?
MXsecurity versions prior to v1.0.1 are affected by CVE-2023-39980.
What is the severity of CVE-2023-39980?
CVE-2023-39980 has a severity rating of 8.1 (high).
How can I fix CVE-2023-39980?
To fix CVE-2023-39980, it is recommended to update to MXsecurity version 1.0.1 or newer.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/title
- agent/severity
- agent/references
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/moxa
- canonical/moxa mxsecurity
- version/moxa mxsecurity/1.0.1