Vulnerability Details CVE-2023-4309
Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.2%
CVSS Severity
CVSS v3 Score 10.0
References
- https://schemasecurity.co/private-elections.pdf
- https://www.electionservicesco.com/pages/services_internet.php
- https://www.youtube.com/watch?v=yeG1xZkHc64
- https://schemasecurity.co/private-elections.pdf
- https://www.electionservicesco.com/pages/services_internet.php
- https://www.youtube.com/watch?v=yeG1xZkHc64
Products affected by CVE-2023-4309
-
cpe:2.3:a:electionservicesco:internet_election_service:-