Non-sanitized user input could lead to SQL injections in AXIS License Plate Verifier
CVE-2023-21412

8.8HIGH

Key Information:

Vendor: Axis Communications Ab
Status: Axis License Plate Verifier
Vendor: CVE Published:; 3 August 2023

Summary

A security issue exists in the AXIS License Plate Verifier due to improper sanitization of user-supplied input on the 'search.cgi' script. This vulnerability allows attackers to perform SQL injection attacks, potentially compromising the integrity of the database and exposing sensitive data. Organizations using this product should evaluate their exposure and apply necessary security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

AXIS License Plate Verifier 2.8.3 or earlier

References

https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Nov 4, 2022