Vulnerability Description
Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Electionservicesco | Internet Election Service | - |
Related Weaknesses (CWE)
References
- https://schemasecurity.co/private-elections.pdf
- https://www.electionservicesco.com/pages/services_internet.php
- https://www.youtube.com/watch?v=yeG1xZkHc64
- https://schemasecurity.co/private-elections.pdf
- https://www.electionservicesco.com/pages/services_internet.php
- https://www.youtube.com/watch?v=yeG1xZkHc64
FAQ
What is CVE-2023-4309?
CVE-2023-4309 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify...
How severe is CVE-2023-4309?
CVE-2023-4309 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-4309?
Check the references section above for vendor advisories and patch information. Affected products include: Electionservicesco Internet Election Service.