How severe is CVE-2023-3938?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2023-3938?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2023-3938 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.

Related Vulnerabilities

CVE-2022-32246

MEDIUM

CVSS:4.6(Medium)

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and ...

CWE-892022

CVE-2024-3060

MEDIUM

CVSS:4.5(Medium)

The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks

CWE-892024

CVE-2019-4147

MEDIUM

CVSS:4.7(Medium)

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or ...

CWE-892019

CVE-2023-0531

MEDIUM

CVSS:4.7(Medium)

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipula...

CWE-892023

CVE-2023-0532

MEDIUM

CVSS:4.7(Medium)

A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove...

CWE-892023

CVE-2023-0533

MEDIUM

CVSS:4.7(Medium)

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin...

CWE-892023