Vulnerabilities > CVE-2023-43640 - Unspecified vulnerability in Speciesfilegroup Taxonworks
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.
Vulnerable Configurations
References
- https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae
- https://github.com/SpeciesFileGroup/taxonworks/commit/a98f2dc610a541678e1e51af47659cd8b30179ae
- https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c
- https://github.com/SpeciesFileGroup/taxonworks/security/advisories/GHSA-m9p2-jxr6-4p6c