CVE-2023-29047
moderate-risk
Published 2023-11-02
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
PHYSICAL
/ LOW complexity
Affected Products (20)
Affected Vendors
References (4)
43
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
25/34 · High