SourceCodester Online Graduate Tracer System bsitemp.php mysqli_query sql injection
CVE-2023-1394

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Online Graduate Tracer System
Vendor
CVE Published:
14 March 2023

What is CVE-2023-1394?

A vulnerability exists in the SourceCodester Online Graduate Tracer System 1.0 that allows an attacker to manipulate the 'id' argument in the mysqli_query function located in the bsitemp.php file. This may lead to unauthorized access and data disclosure via SQL injection attacks. The vulnerability is remotely exploitable and has been publicly disclosed, making it vital for affected users to implement security measures immediately to mitigate potential risks.

Affected Version(s)

Online Graduate Tracer System 1.0

References

https://vuldb.com/?id.222981
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222981
signaturepermissions-required
https://blog.csdn.net/Dwayne_Wade/article/details/129522869
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

bit3hh (VulDB User)
.