SourceCodester Online Graduate Tracer System admin_cs.php mysqli_query sql injection
CVE-2023-1293

8.1 HIGH

Key Information:

Vendor
CVE Published: 9 March 2023

Summary

A vulnerability exists in the SourceCodester Online Graduate Tracer System version 1.0 that allows attackers to execute unauthorized SQL commands through the admin_cs.php file's mysqli_query function. This SQL injection can be exploited remotely, permitting potential manipulation of the database without proper authentication. The complexity associated with exploiting this vulnerability is high, but it has been publicly disclosed, increasing the risk of attack. Users of this system should take immediate action to mitigate exposure.

Affected Version(s)

Online Graduate Tracer System 1.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

bit3hh (VulDB User)