SourceCodester Automatic Question Paper Generator System GET Parameter view_course.php sql injection
CVE-2023-1441

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Automatic Question Paper Generator System
Vendor
CVE Published:
17 March 2023

Summary

A vulnerability has been identified in the SourceCodester Automatic Question Paper Generator System version 1.0. This flaw arises from the improper handling of the 'id' parameter in the file admin/courses/view_course.php. An attacker can exploit this weakness remotely by manipulating the GET request, allowing for unauthorized database access and potentially compromising sensitive information. Publicly disclosed, this vulnerability poses a significant risk, making it essential for users to apply necessary security measures.

Affected Version(s)

Automatic Question Paper Generator System 1.0

References

https://vuldb.com/?id.223285
vdb-entrytechnical-description
https://vuldb.com/?ctiid.223285
signaturepermissions-required
https://github.com/SecurityYH/bug_report/blob/main/SQLi-1.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Evan (VulDB User)
.