SourceCodester Canteen Management System removeUser.php sql injection
CVE-2023-0679

8.1HIGH

Key Information:

Vendor

SourceCodester
Status
Canteen Management System
Vendor
CVE Published:
6 February 2023

What is CVE-2023-0679?

A significant SQL injection vulnerability exists within SourceCodester's Canteen Management System version 1.0. The flaw arises from improper handling of user inputs in the removeUser.php file, specifically the manipulation of the 'id' argument. This vulnerability permits remote attackers to execute arbitrary SQL queries, leading to potential database compromise. While exploiting this vulnerability requires advanced skills, its public disclosure makes it a notable concern for system administrators and security professionals.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Canteen Management System 1.0

References

https://vuldb.com/?id.220220
vdb-entrytechnical-description
https://vuldb.com/?ctiid.220220
signaturepermissions-required
https://blog.csdn.net/weixin_43864034/article/details/128...
broken-linkexploit

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zxc65805735 (VulDB User)
JSON
.