VYPR
Unrated severity · NVD Advisory · Published Dec 15, 2023 · Updated Aug 2, 2024

ArmorX Global Technology Corporation ArmorX Spam - SQL Injection

CVE-2023-48384

Description

ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete the database.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ArmorX Spam up to version 8.15.2-2.872.088-1.90.027 lacks input validation, allowing unauthenticated SQL injection leading to database compromise.

Vulnerability

ArmorX Global Technology Corporation ArmorX Spam version 8.15.2-2.872.088-1.90.027 and earlier contains an SQL injection vulnerability due to insufficient validation of user input within a special function [1]. An unauthenticated remote attacker can exploit this flaw without any prior authentication or special privileges [1].

Exploitation

An attacker, positioned anywhere on the network, crafts malicious SQL commands embedded in input to the vulnerable function. No authentication or user interaction is required. The attacker can send specially crafted HTTP requests to trigger the SQL injection and execute arbitrary SQL statements against the backend database [1].

Impact

Successful exploitation allows the attacker to read, modify, and delete arbitrary data in the database, leading to complete compromise of confidentiality, integrity, and availability of the affected system [1].

Mitigation

The vendor released version 8.15.2-2.922.096-1.90.033 on 2023-12-15 to fix the vulnerability. Users should upgrade to this or a later version immediately [1]. No workaround is documented in the available references.
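To triage an inventory against the two version strings above, the following added example (not vendor or advisory code) classifies an installed build as affected, fixed, or not covered by the advisory. It assumes the version string orders numerically field by field, which the advisory does not document; the host names and every version other than the two bounds are constructed.

```python
import re

# Version bounds quoted in the advisory text.
LAST_AFFECTED = "8.15.2-2.872.088-1.90.027"
FIRST_FIXED = "8.15.2-2.922.096-1.90.033"
_VERSION_RE = re.compile(r"\d+(?:\.\d+)*(?:-\d+(?:\.\d+)*)*")

# Constructed inventory: host names are hypothetical, mx3-mx5 values are made up.
SAMPLE_INVENTORY = {
    "mx1.example.internal": "8.15.2-2.872.088-1.90.027",
    "mx2.example.internal": "8.15.2-2.922.096-1.90.033",
    "mx3.example.internal": "8.15.2-2.900.090-1.90.030",
    "mx4.example.internal": "8.15.2-2.1000.001-1.90.040",
    "mx5.example.internal": "unknown build",
}


def parse_version(text):
    """Turn '8.15.2-2.872.088-1.90.027' into a tuple of integer tuples."""
    # Assumption: groups and fields are most-significant first; '088' means 88.
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(tuple(int(f) for f in g.split(".")) for g in text.split("-"))


def classify(installed):
    """Return 'affected', 'fixed', 'unknown' or 'unparseable'."""
    try:
        version = parse_version(installed)
    except ValueError:
        return "unparseable"
    if version <= parse_version(LAST_AFFECTED):
        return "affected"
    if version >= parse_version(FIRST_FIXED):
        return "fixed"
    # Builds between the two bounds are not described by the advisory.
    return "unknown"


def triage(inventory):
    """Map each host in the inventory to its classification."""
    return {host: classify(raw) for host, raw in inventory.items()}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` or `unparseable` need a manual check against the vendor's release notes rather than being treated as safe.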

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
