Database Vulnerability Found in Acme Search Tool – Update Now!

CVECVE-2023-44163
CVSScvssV3_1: 9.8
SourceCVE-2023-44163

Security researchers have discovered a high severity vulnerability in the popular Acme Search Tool.

The vulnerability tracked as CVE-2023-44163 has a CVSS score of 9.8 out of 10, meaning it is relatively easy to exploit and can potentially allow attackers to compromise systems.

The issue occurs in the ‘search’ parameter of the process_search.php resource. It does not properly validate user-supplied input before sending it to the backend database. By crafting specially crafted requests, attackers could exploit this to inject malicious SQL commands and take control of the database.

This can let them delete or manipulate data, install backdoors, and more. With database access, many further attacks become possible.

If exploited, this vulnerability would be particularly dangerous as it affects a core search function. It could impact the privacy, integrity and availability of the entire application.

The good news is this can be fixed. Acme has released an update that sanitizes all input parameters to the database. Users are strongly recommended to update their installations immediately. Administrators should also carefully review database privileges and logs for any unusual activity.

By taking quick action to patch systems, Acme users can protect themselves and their users from this serious vulnerability. Staying on top of software updates is one of the best ways to avoid many common cyber threats.

References