CVE-2023-43640

MEDIUM

TaxonWorks < 0.34.0 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue.

Scores

CVSS v3 6.5
EPSS 0.0045
EPSS Percentile 36.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
speciesfilegroup/taxonworks < 0.34.0
Published Sep 22, 2023
Tracked Since Feb 18, 2026