SourceCodester Online Graduate Tracer System add_acc.php sql injection
CVE-2023-1040

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Online Graduate Tracer System
Vendor
CVE Published:
26 February 2023

Summary

A security issue has been identified in the SourceCodester Online Graduate Tracer System, specifically within the file tracking/admin/add_acc.php. This vulnerability enables attackers to manipulate the 'id' parameter, leading to a SQL injection that can be executed remotely. As the exploit is now public, it is critical for users to apply necessary security measures to safeguard their systems against potential attacks.

Affected Version(s)

Online Graduate Tracer System 1.0

References

https://vuldb.com/?id.221798
vdb-entrytechnical-description
https://vuldb.com/?ctiid.221798
signaturepermissions-required
https://blog.csdn.net/weixin_43864034/article/details/129...
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

kdyhuiji (VulDB User)
kdyhuiji (VulDB User)
.