SourceCodester Dental Clinic Appointment Reservation System POST Parameter login.php SQL injection
CVE-2023-1037
9.8 CRITICAL
What is CVE-2023-1037?
A SQL injection vulnerability exists in the login.php file of the POST Parameter Handler component within SourceCodester's Dental Clinic Appointment Reservation System 1.0. An attacker can exploit this vulnerability by manipulating the username parameter, allowing for unauthorized access to the database. This issue can be exploited remotely, making it critical for users to apply patches or mitigations. The vulnerability has been disclosed publicly, increasing the urgency for immediate remediation.
Affected Version(s)
Dental Clinic Appointment Reservation System 1.0
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
niclo (VulDB User)
