CVE-2023-33367 Information

Description

A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior allowing unauthenticated attackers to write PHP files on the server’s root directory resulting in remote code execution.

Reference

https://claroty.com/team82/disclosure-dashboard/cve-2023-33367 https://www.controlid.com.br/en/access-control/idsecure/