SourceCodester Music Gallery Site sql injection
CVE-2023-1054

4.7MEDIUM

Key Information:

Vendor
CVE Published:
27 February 2023

Summary

An SQL injection vulnerability was discovered in the Music Gallery Site 1.0, specifically within an unidentified function of the /admin/?page=user/manage endpoint. This security flaw allows attackers to manipulate the 'id' argument, potentially enabling unauthorized remote access and data manipulation. Unsuspecting users of the Music Gallery Site could be at significant risk if this vulnerability is exploited.

Affected Version(s)

Music Gallery Site 1.0

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

sk3l10x1ng (VulDB User)
.