SourceCodester Medical Certificate Generator App manage_record.php sql injection
CVE-2023-0706

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: Medical Certificate Generator App
Vendor: CVE Published:; 7 February 2023

Summary

A vulnerability exists within the SourceCodester Medical Certificate Generator App 1.0 that enables remote SQL injection through manipulated parameters in the manage_record.php file. Attackers can exploit this flaw to execute arbitrary SQL queries, potentially leading to unauthorized data access and manipulation. This security issue highlights the need for developers to validate user input effectively and implement secure coding practices to protect against injection attacks.

Affected Version(s)

Medical Certificate Generator App 1.0

References

https://vuldb.com/?id.220340

vdb-entrytechnical-description

https://vuldb.com/?ctiid.220340

signature

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
Feb 7, 2023

Credit

p1nk (VulDB User)