SourceCodester Music Gallery Site GET Request music_list.php sql injection
CVE-2023-0938

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 21 February 2023

Summary

A SQL injection vulnerability has been identified in the SourceCodester Music Gallery Site. The issue stems from manipulation of the cid parameter in the music_list.php file of the GET Request Handler. Attackers can exploit it remotely to carry out SQL injection, potentially compromising the integrity of the database. Because the vulnerability has been publicly disclosed, it is crucial for users of this software to implement the necessary security measures.

Affected Version(s)

Music Gallery Site 1.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Navaid Zafar Ansari
navaidansari (VulDB User)