SourceCodester Canteen Management System removeUser.php sql injection
CVE-2023-0679

8.1HIGH

Key Information:

Vendor

SourceCodester
Status
Canteen Management System
Vendor
CVE Published:
6 February 2023

What is CVE-2023-0679?

A significant SQL injection vulnerability exists within SourceCodester's Canteen Management System version 1.0. The flaw arises from improper handling of user inputs in the removeUser.php file, specifically the manipulation of the 'id' argument. This vulnerability permits remote attackers to execute arbitrary SQL queries, leading to potential database compromise. While exploiting this vulnerability requires advanced skills, its public disclosure makes it a notable concern for system administrators and security professionals.

Affected Version(s)

Canteen Management System 1.0

References

https://vuldb.com/?id.220220
vdb-entrytechnical-description
https://vuldb.com/?ctiid.220220
signaturepermissions-required
https://blog.csdn.net/weixin_43864034/article/details/128...
broken-linkexploit

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zxc65805735 (VulDB User)
.