SourceCodester Friendly Island Pizza Website and Ordering System POST Parameter paypalsuccess.php sql injection
CVE-2023-1378

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Friendly Island Pizza Website and Ordering System
Vendor
CVE Published:
13 March 2023

Summary

A SQL injection vulnerability exists within the Friendly Island Pizza Website and Ordering System, specifically in the paypalsuccess.php file's POST Parameter Handler. This flaw arises from improper handling of the 'cusid' argument, allowing attackers to manipulate SQL queries. This exploitation can be conducted remotely, posing a significant risk to the integrity of the database and sensitive user information. Public disclosure of the vulnerability has raised concerns, emphasizing the need for prompt security measures to mitigate potential attacks.

Affected Version(s)

Friendly Island Pizza Website and Ordering System 1.0

References

https://vuldb.com/?id.222904
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222904
signaturepermissions-required
https://github.com/ATW-BlockN/bug_report/blob/main/vendor...
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zheng Yang (VulDB User)
.