SourceCodester Friendly Island Pizza Website and Ordering System GET Parameter large.php sql injection
CVE-2023-1311

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Friendly Island Pizza Website and Ordering System
Vendor
CVE Published:
10 March 2023

Summary

A vulnerability was discovered in the Friendly Island Pizza Website and Ordering System 1.0, specifically in the GET Parameter Handler located in large.php. An attacker can exploit this SQL injection vulnerability by manipulating the 'id' parameter, potentially allowing unauthorized access to the database. This vulnerability can be triggered remotely, making it critical for users to implement preventive measures promptly. The exploit has been publicly disclosed, increasing the urgency for systems using this software to secure their applications.

Affected Version(s)

Friendly Island Pizza Website and Ordering System 1.0

References

https://vuldb.com/?id.222699
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222699
signaturepermissions-required
https://github.com/tangtangtang123456/bug_report/blob/mai...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tangtangtang123456 (VulDB User)
.