← back
CVE-2023-4309

CVE-2023-4309

CVSS 10 CRITICALEPSS 1.1%CWE-89
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H