Overview
- Description
- Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.
- Source
- 9119a7d8-5eab-497f-8521-727c672e3725
- NVD status
- Modified
- CNA Tags
- exclusively-hosted-service
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electionservicesco:internet_election_service:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78627388-63C2-42E7-B55C-83A012931A9A"
}
],
"operator": "OR"
}
]
}
]