SourceCodester Employee Task Management System task-details.php sql injection
CVE-2023-0904

8.8HIGH

Key Information:

Vendor
SourceCodester
Status
Employee Task Management System
Vendor
CVE Published:
18 February 2023

Summary

A SQL injection vulnerability exists in the Employee Task Management System by SourceCodester, specifically affecting the processing within the file task-details.php. An attacker could manipulate the task_id parameter, enabling unauthorized SQL queries to be executed on the database. This vulnerability may be exploited remotely, potentially compromising sensitive data. The public disclosure of this issue highlights the urgency for affected users to apply necessary patches or updates to safeguard their systems.

Affected Version(s)

Employee Task Management System 1.0

References

https://vuldb.com/?id.221453
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221453
signaturepermissions-required
https://github.com/navaidzansari/CVE_Demo/blob/main/2023/...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

navaidansari (VulDB User)
.