SourceCodester Music Gallery Site view_category.php sql injection
CVE-2023-1053

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Music Gallery Site
Vendor: CVE Published:; 27 February 2023

Summary

A SQL injection vulnerability exists in the Music Gallery Site by SourceCodester, particularly within the view_category.php file. This flaw allows an attacker to manipulate the 'id' argument, potentially leading to unauthorized access to the database and extraction of sensitive information. The attack can be initiated remotely, making it a significant security concern for users of the affected version, 1.0.

Affected Version(s)

Music Gallery Site 1.0

References

https://vuldb.com/?id.221819

vdb-entrytechnical-description

https://vuldb.com/?ctiid.221819

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Feb 27, 2023

Credit

sk3l10x1ng (VulDB User)