SourceCodester Sales Tracker Management System Master.php delete_client sql injection
CVE-2023-1292

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Sales Tracker Management System
Vendor
CVE Published:
9 March 2023

Summary

A vulnerability has been identified in SourceCodester's Sales Tracker Management System version 1.0, where improper handling of the 'id' argument in the delete_client function within classes/Master.php allows attackers to execute SQL injection attacks. This flaw is exploitable remotely, facilitating unauthorized access to the database and the potential unauthorized manipulation of data. Given the public disclosure of the exploit, immediate remediation is essential to safeguard sensitive information from malicious entities.

Affected Version(s)

Sales Tracker Management System 1.0

References

https://vuldb.com/?id.222646
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222646
signaturepermissions-required
https://github.com/Mart1nD0t/vul-test/blob/main/sts-3.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yangxuelin (VulDB User)
.