Critical severity10.0NVD Advisory· Published Oct 10, 2023· Updated Jun 17, 2026
CVE-2023-4309
CVE-2023-4309
Description
Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.
Affected products
3- Election Services Co. (ESC)/Internet Election Servicev5Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.