SourceCodester Online Food Ordering System Login Module admin_class.php sql injection
CVE-2023-0305

7.5HIGH

Key Information:

Vendor

SourceCodester
Status
Online Food Ordering System
Vendor
CVE Published:
15 January 2023

What is CVE-2023-0305?

A SQL injection vulnerability has been identified in the SourceCodester Online Food Ordering System, specifically affecting the Login Module's admin_class.php file. This vulnerability allows attackers to manipulate the 'username' parameter, enabling unauthorized remote access and potential compromise of database information. Given that the exploit details have been made public, immediate action is required to secure affected installations and prevent exploitation.

Affected Version(s)

Online Food Ordering System

References

https://vuldb.com/?id.218386
vdb-entrytechnical-description
https://vuldb.com/?ctiid.218386
signaturepermissions-required
https://github.com/Hanfu-l/cvetest/blob/main/3.pdf
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
JSON
.