CVE-2023-26452
Summary
A vulnerability (CVE-2023-26452) exists in the imageconverter service that allows unchecked SQL queries to be executed when an image's metadata is requested. Successful exploitation requires access to adjacent networks and could lead to arbitrary SQL statement execution within the service's database context.
IFF Assessment
FOE
This vulnerability allows SQL injection with arbitrary statements, a serious threat that can lead to data compromise and unauthorized access.
Severity
7.6
High
Defender Context
Defenders should be aware of this SQL injection vulnerability in image conversion services. It's crucial to ensure robust input validation and sanitization for all API requests, especially those handling image metadata, and to monitor logs for suspicious SQL-related error messages.