SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System login.php SQL injection
CVE-2023-1352

8.1 HIGH

What is CVE-2023-1352?

A SQL injection vulnerability has been identified in the remote login functionality of SourceCodester's Covid-19 Directory on Vaccination System version 1.0. The vulnerability arises from improper handling of user input in the /admin/login.php file, specifically the txtusername and txtpassword parameters. An attacker could exploit this flaw by injecting crafted SQL through these parameters to manipulate the database, potentially gaining unauthorized access to sensitive information. Given the complexity of the exploit, users are advised to update their systems and apply the necessary security measures to mitigate potential damage.
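One way to handle the txtusername and txtpassword parameters safely, as an added example that is not SourceCodester's code: the login query uses a bound placeholder and the password is checked against a stored hash instead of being placed in SQL. The MySQL backend, the `admin_users` table and its columns, the connection settings and the `index.php` redirect are all assumptions.

```php
<?php
// Added illustration, not the project's code. Hypothetical names: the
// admin_users table, its columns, the DB settings and the redirect target.
declare(strict_types=1);
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function find_admin(mysqli $db, string $username): ?array
{
    // The placeholder keeps the submitted value out of the SQL text, so
    // quotes or SQL keywords in it are compared as data, never parsed.
    $stmt = $db->prepare(
        'SELECT id, password_hash FROM admin_users WHERE username = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

function handle_login(mysqli $db, array $post): bool
{
    $username = $post['txtusername'] ?? '';
    $password = $post['txtpassword'] ?? '';
    // Reject arrays (txtusername[]=...) and oversized values before any query.
    if (!is_string($username) || !is_string($password)
        || $username === '' || strlen($username) > 64 || strlen($password) > 256) {
        return false;
    }
    $row = find_admin($db, $username);
    // Assumes hashes were created with password_hash(); no password in SQL.
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID after authentication
    $_SESSION['admin_id'] = (int) $row['id'];
    return true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new mysqli('localhost', 'app_user', getenv('DB_PASS') ?: '', 'covid_dir');
    $db->set_charset('utf8mb4');
    if (!handle_login($db, $_POST)) {
        http_response_code(401);
        exit('Invalid credentials');
    }
    header('Location: index.php');
}
```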

Affected Version(s)

Design and Implementation of Covid-19 Directory on Vaccination System 1.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)