SourceCodester Medical Certificate Generator App function.php delete_record sql injection
CVE-2023-0707

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Medical Certificate Generator App
Vendor: CVE Published:; 7 February 2023

Summary

A security flaw has been identified in the SourceCodester Medical Certificate Generator App 1.0, where improper validation in the delete_record function located in function.php allows an attacker to execute SQL injection attacks. By manipulating the argument id, unauthorized users can compromise the backend database, leading to potential exposure of sensitive data and disruption of service. It is crucial for users of the application to take remedial measures to safeguard against this vulnerability.

Affected Version(s)

Medical Certificate Generator App 1.0

References

https://vuldb.com/?id.220346

vdb-entrytechnical-description

https://vuldb.com/?ctiid.220346

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
Feb 7, 2023

Credit

p1nk (VulDB User)