{"vulnerability": "CVE-2023-26443", "sightings": [{"uuid": "ca552305-6fc8-48e2-a279-0d0a959fe1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26443", "type": "seen", "source": "https://t.me/cibsecurity/67586", "content": "\u203c CVE-2023-26443 \u203c\n\nFull-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-02T16:39:30.000000Z"}]}