SourceCodester Medical Certificate Generator App action.php sql injection
CVE-2023-0774

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Medical Certificate Generator App
Vendor
CVE Published:
10 February 2023

What is CVE-2023-0774?

A significant SQL injection vulnerability exists in SourceCodester's Medical Certificate Generator App 1.0, specifically in the handling of user-supplied input through the lastname argument in the action.php file. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized access to the database. The exploit can be executed remotely, making it a serious risk for users. Public disclosure of this vulnerability raises concerns regarding its exploitation in the wild.

Affected Version(s)

Medical Certificate Generator App 1.0

References

https://vuldb.com/?id.220558
vdb-entrytechnical-description
https://vuldb.com/?ctiid.220558
signaturepermissions-required
https://www.youtube.com/watch?v=s3oK5jebx_I
media-coverage

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gab3 (VulDB User)
.
CVE-2023-0774 : SourceCodester Medical Certificate Generator App action.php sql injection