SourceCodester Sales Tracker Management System manage_client.php sql injection
CVE-2023-1291

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Sales Tracker Management System
Vendor
CVE Published:
9 March 2023

Summary

A security vulnerability has been identified within the SourceCodester Sales Tracker Management System 1.0, located in the manage_client.php file of the admin directory. The vulnerability arises from improper validation of the argument used in SQL queries, allowing for SQL injection attacks. This flaw enables attackers to manipulate the 'id' argument, which may lead to unauthorized access and data exposure. Given its remote exploitation capability, security measures should be taken immediately to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Sales Tracker Management System 1.0

References

https://vuldb.com/?id.222645
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222645
signaturepermissions-required
https://github.com/Mart1nD0t/vul-test/blob/main/sts-2.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yangxuelin (VulDB User)
.