SourceCodester Canteen Management System removeOrder.php query sql injection
CVE-2023-0781

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Canteen Management System
Vendor
CVE Published:
11 February 2023

Summary

A vulnerability exists in the SourceCodester Canteen Management System version 1.0 that allows attackers to perform SQL injection via the 'id' parameter in the removeOrder.php file. This flaw can be exploited remotely, enabling unauthorized access to the database. If successfully exploited, it allows attackers to manipulate the query to compromise the web application and potentially exfiltrate sensitive data. Immediate attention and patching are recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

Canteen Management System 1.0

References

https://vuldb.com/?id.220624
vdb-entrytechnical-description
https://vuldb.com/?ctiid.220624
signaturepermissions-required
https://blog.csdn.net/weixin_43864034/article/details/128...
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tingsliat (VulDB User)
.