LeoTheme Ap Page Builder, versions prior to 18.104.22.168.
INCIBE has coordinated the publication of a vulnerability affecting LeoTheme Ap Page Builder, which was discovered by David Manuel Herrera Rodríguez, from the Telefónica Tech team.
This vulnerability has been assigned the code CVE-2023-3743, with the following score and classification:
- CVSS v3.1 base score: 7.5.
- CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
- Vulnerability type: CWE-89: improper neutralization of special elements used in an SQL command (SQL injection).
Update Ap Page Builder to the latest available version.
CVE-2023-3743: this vulnerability could allow a remote user to send a specially crafted SQL query to the product_one_img parameter and retrieve the information stored in the database.