CVE-2023-32754: Thinking Software Efence - SQL injection

9.8 CVSS

Description

Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.

Classification

CVE ID: CVE-2023-32754

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Thinking Software

Product: Efence

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 22.53% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://www.twcert.org.tw/tw/cp-132-7161-3e7c9-1.html

Timeline

2024-12-13 00:30:25 UTC
CVE

Thinking Software Efence - SQL injection