SourceCodester Online Flight Booking Management System add_contestant.php SQL injection
CVE-2023-0245

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 12 January 2023

Summary

A vulnerability has been identified in the SourceCodester Online Flight Booking Management System, specifically affecting the file add_contestant.php. This flaw allows an attacker to manipulate the argument add_contestant, leading to SQL injection attacks. Such vulnerabilities enable unauthorized access to the database, posing a risk of sensitive data exposure. The attack can be performed remotely, and the details of the exploit have been made public, highlighting the urgent need for users to update to the latest secured versions.
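
For triage on a host running the affected application, the following added example (not part of the advisory or of the vendor's code) scans web access-log lines for requests to add_contestant.php whose add_contestant parameter carries SQL metacharacters. It assumes combined-format logs and that the parameter appears in the query string; the /flight/ path, the sample log lines and the pattern list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# From the advisory: affected file and argument.
TARGET_FILE = "add_contestant.php"
TARGET_PARAM = "add_contestant"

# Assumption: combined log format; only the request line is needed.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Heuristic (constructed) markers of SQL syntax inside a parameter value.
SUSPICIOUS_RE = re.compile(
    r"""['"`;]|--|/\*|\bunion\b.+\bselect\b|\b(?:or|and)\b\s+\d+\s*=\s*\d+|\bsleep\s*\(""",
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding (e.g. %2527) so filters see the real text."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (client_ip, decoded_value) for suspicious hits on the target file."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + TARGET_FILE):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, [])
        for raw in values:
            value = fully_decode(raw)
            if SUSPICIOUS_RE.search(value):
                hits.append((line.split()[0], value))
    return hits

# Constructed sample log lines (documentation IP range, hypothetical path).
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Jan/2023:10:00:01 +0000] "GET /flight/add_contestant.php?add_contestant=17 HTTP/1.1" 200 512',
    '203.0.113.77 - - [12/Jan/2023:10:00:05 +0000] "GET /flight/add_contestant.php?add_contestant=17%27%20OR%201%3D1--%20 HTTP/1.1" 200 4096',
    '203.0.113.77 - - [12/Jan/2023:10:00:09 +0000] "GET /flight/add_contestant.php?add_contestant=17%2527 HTTP/1.1" 500 0',
    '203.0.113.10 - - [12/Jan/2023:10:00:12 +0000] "GET /flight/index.php?add_contestant=%27 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, value in flag_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

Requests that submit the parameter in a POST body do not appear in default access logs, so a clean result here does not rule out exploitation.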

Affected Version(s)

Online Flight Booking Management System

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Evilmu1 (VulDB User)