SourceCodester Music Gallery Site sql injection
CVE-2023-1054
4.7MEDIUM
Summary
An SQL injection vulnerability was discovered in the Music Gallery Site 1.0, specifically within an unidentified function of the /admin/?page=user/manage endpoint. This security flaw allows attackers to manipulate the 'id' argument, potentially enabling unauthorized remote access and data manipulation. Unsuspecting users of the Music Gallery Site could be at significant risk if this vulnerability is exploited.
Affected Version(s)
Music Gallery Site 1.0
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
CVSS V3.0
Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
sk3l10x1ng (VulDB User)