CVE-2023-24835 HIGH

CVE-2023-24835: Softnext SPAM SQR - Code Injection

Vendor Softnext
Product SPAM SQR
Weakness CWE-94 · Code injection
Published March 27, 2023
Last update February 19, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service.

Key dates

02Disclosure timeline

March 27, 2023 CVE published
February 19, 2025 Record updated

Related vulnerabilities

04Related CVE