In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 30-31, 2023.
During this period, the National Vulnerability Database published 35 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 0
High: 2
Medium: 9
Low: 0
Severity Not Assigned: 24
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-7172
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.
References: https://drive.google.com/file/d/11DHRUjvOF0yV24I4JlZ0X1RE4V-mcood/view?usp=sharing
https://vuldb.com/?ctiid.249356
https://vuldb.com/?id.249356
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-6998
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0.
References: https://cert.pl/en/posts/2023/12/CVE-2023-6998/
https://cert.pl/posts/2023/12/CVE-2023-6998/
https://ewelink.cc/app/
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found