PRESS RELEASE. MISSOULA, Mont., Feb. 13, 2024 /PRNewswire/ - LMG Security, an internationally recognized cybersecurity consulting firm, has discovered three new critical software vulnerabilities that pose a significant threat to hundreds of organizations in the United States.
Emily Gosney, a cybersecurity consultant at LMG Security, discovered these vulnerabilities in a web application that is primarily used by credit unions to manage content.
These vulnerabilities pose a significant threat to hundreds of organizations across the United States.
CVE-2023-48985: A reflected cross-site scripting vulnerability in the CMS admin portal login page 'login.php' could enable an unauthenticated malicious actor to intercept login credentials for the CMS admin portal.
CVE-2023-48986: A reflected cross-site scripting vulnerability in 'users.php' within the CMS admin portal could enable a lower-privileged malicious actor to elevate privileges or trick a user of a higher privilege level into performing unintended actions within the admin portal.
CVE-2023-48987: A blind SQL injection vulnerability in 'pages.
For the name of the company and full details on the company and software impacted, please visit: https://www.
Gosney recommends that organizations stay vigilant about supplier security standards for their current and prospective suppliers.
She also recommends organizations conduct penetration testing that includes web application and cloud environments at least annually so experts can identify your security gaps before an attacker uses them to breach your environment.
LMG Security's discovery and disclosure of these vulnerabilities reaffirm our commitment to cybersecurity and building a safer, more secure web.
LMG Security responsibly disclosed all three vulnerabilities to the software provider, and the software provider may have addressed these vulnerabilities in its application v7.75.
LMG Security is an internationally recognized leader in cybersecurity consulting, specializing in penetration testing, advisory and compliance services, cybersecurity solutions, and training.
Over the past 15 years, the LMG Security team has been featured on the Today show and team members have been quoted in the New York Times, Wall Street Journal, and many other publications.
The team has published cutting-edge research, written books on ransomware and cyber extortion, network forensics, and data breaches, and routinely speaks at Black Hat, RSA and many other security conferences.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 15 Feb 2024 21:40:11 +0000