SourceCodester Music Gallery Site sql injection
CVE-2023-1054

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Music Gallery Site
Vendor: CVE Published:; 27 February 2023

Summary

An SQL injection vulnerability was discovered in the Music Gallery Site 1.0, specifically within an unidentified function of the /admin/?page=user/manage endpoint. This security flaw allows attackers to manipulate the 'id' argument, potentially enabling unauthorized remote access and data manipulation. Unsuspecting users of the Music Gallery Site could be at significant risk if this vulnerability is exploited.

Affected Version(s)

Music Gallery Site 1.0

References

https://vuldb.com/?id.221820

vdb-entrytechnical-description

https://vuldb.com/?ctiid.221820

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2023
Vulnerability Reserved
Feb 27, 2023

Credit

sk3l10x1ng (VulDB User)