SourceCodester Online Graduate Tracer System bsitemp.php mysqli_query sql injection
CVE-2023-1394
9.8CRITICAL
What is CVE-2023-1394?
A vulnerability exists in the SourceCodester Online Graduate Tracer System 1.0 that allows an attacker to manipulate the 'id' argument in the mysqli_query function located in the bsitemp.php file. This may lead to unauthorized access and data disclosure via SQL injection attacks. The vulnerability is remotely exploitable and has been publicly disclosed, making it vital for affected users to implement security measures immediately to mitigate potential risks.
Affected Version(s)
Online Graduate Tracer System 1.0