SourceCodester Auto Dealer Management System SQL injection
CVE-2023-0913
8.8 HIGH
Summary
A SQL injection vulnerability exists in SourceCodester Auto Dealer Management System 1.0, affecting the /adms/admin/?page=vehicles/sell_vehicle endpoint. Manipulating the 'id' argument results in SQL injection, allowing unauthorized access to the database. The issue can be triggered remotely and has been publicly disclosed, so it poses a significant risk and users of affected installations should secure their systems immediately.
Affected Version(s)
Auto Dealer Management System 1.0
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
navaidansari (VulDB User)