Platform
php
Component
voovi-social-networking-script
Fixed in
1.0.1
CVE-2023-6414 describes a critical SQL injection vulnerability discovered in Voovi Social Networking Script versions 1.0. This flaw allows a remote attacker to inject malicious SQL queries, potentially leading to unauthorized data access and manipulation. The vulnerability resides in the perfil.php file, specifically within the id and user parameters. A patch, version 1.0.1, has been released to address this security concern.
The SQL injection vulnerability in Voovi Social Networking Script poses a significant risk to data confidentiality and integrity. An attacker could exploit this flaw to bypass authentication mechanisms and gain unauthorized access to the database. This could lead to the extraction of sensitive user data, including usernames, passwords, email addresses, and potentially other personally identifiable information (PII). Furthermore, an attacker might be able to modify or delete data within the database, disrupting the functionality of the social networking script and potentially causing data loss. The impact is amplified if the database contains sensitive financial or business information.
CVE-2023-6414 was publicly disclosed on 2023-11-30. While no active exploitation campaigns have been definitively confirmed, the critical severity and ease of exploitation (SQL injection) suggest a high probability of exploitation if left unpatched. No KEV listing is currently available. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature.
Exploit Status
EPSS
0.20% (42% percentile)
CVSS Vector
The primary mitigation for CVE-2023-6414 is to immediately upgrade Voovi Social Networking Script to version 1.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as input validation and sanitization on the id and user parameters in perfil.php. Web application firewalls (WAFs) configured with rules to detect and block SQL injection attempts can also provide an additional layer of protection. Regularly review and update database access permissions to limit the potential impact of a successful attack.
Update to a patched version or discontinue use of the script. Due to the (SQL Injection), it is crucial to review and sanitize user inputs in perfil.php, especially the 'id' and 'user' parameters, using escaping functions or parameterized queries to prevent the execution of malicious SQL code.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-6414 is a critical SQL injection vulnerability affecting Voovi Social Networking Script versions 1.0, allowing attackers to inject malicious SQL queries and potentially extract sensitive data.
If you are using Voovi Social Networking Script version 1.0, you are vulnerable. Upgrade to version 1.0.1 or later to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1 or later. As a temporary workaround, implement input validation and sanitization on the id and user parameters in perfil.php.
While no confirmed active exploitation campaigns are currently known, the vulnerability's critical severity and ease of exploitation suggest a high probability of exploitation if left unpatched.
Refer to the vendor's official advisory for the most up-to-date information and instructions: [https://github.com/voovi/voovi/issues/10](https://github.com/voovi/voovi/issues/10)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.