CVE-2023-3743: SQL Injection Vulnerability Leothemes Ap Page Builder | INCIBE-CERT

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.

Affected Resources

LeoTheme Ap Page Builder, versions prior to 1.7.8.2.

Description

INCIBE has coordinated the publication of a vulnerability affecting LeoTheme Ap Page Builder, which was discovered by David Manuel Herrera Rodríguez of the Telefónica Tech team.

This vulnerability has been assigned the following code:

CVE-2023-3743

  • CVSS v3.1 base score: 7.5.
  • CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
  • Vulnerability type: CWE-89: improper neutralization of special elements used in an SQL command (SQL injection).

Solution

Update Ap Page Builder to the latest available version.

Detail

CVE-2023-3743: this vulnerability could allow a remote user to send a specially crafted SQL query to the product_one_img parameter and retrieve the information stored in the database.
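
For triage, the following added example (not part of the INCIBE advisory or the vendor's code) checks a module version against the fixed release and scans web access log lines for product_one_img values that carry SQL syntax. The log format, the placeholder request path, the marker list and the function names are assumptions; only the parameter name and the version threshold come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "product_one_img"   # parameter named in the advisory
FIXED = (1, 7, 8, 2)        # versions lower than 1.7.8.2 are affected

# Heuristic SQL markers (assumption; tune to your own traffic).
SQL_MARKERS = re.compile(
    r"(?i)\b(?:union|select|sleep|benchmark|information_schema)\b|--|/\*|[';]"
)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the path is a placeholder, not the module's real endpoint.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] '
    '"GET /PLACEHOLDER?product_one_img=12 HTTP/1.1" 200 512',
    '198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] '
    '"GET /PLACEHOLDER?product_one_img=1%20UNION%20SELECT%20NULL HTTP/1.1" 200 498',
    '203.0.113.9 - - [10/Oct/2023:13:57:40 +0000] '
    '"GET /search?q=select+shoes HTTP/1.1" 200 1320',
]


def is_affected(version: str) -> bool:
    """True when a dotted module version is lower than 1.7.8.2."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts += (0,) * (len(FIXED) - len(parts))  # "1.7.8" compares as 1.7.8.0
    return parts < FIXED


def suspicious_requests(lines):
    """Return (client, decoded value) for PARAM values carrying SQL markers."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes, so encoded values are inspected in clear.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM and SQL_MARKERS.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    print(is_affected("1.7.8.1"), is_affected("1.7.8.2"))
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(client, value)
```

Access logs record only the request line, so a parameter sent in a POST body will not appear there and needs WAF or application-level logging instead.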
