SourceCodester Monitoring of Students Cyber Accounts System POST Parameter login.php sql injection
CVE-2023-1480

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Monitoring of Students Cyber Accounts System
Vendor
CVE Published:
18 March 2023

What is CVE-2023-1480?

A security flaw has been identified in the SourceCodester Monitoring of Students Cyber Accounts System, specifically within the login.php file responsible for handling POST parameters. An attacker can exploit this vulnerability by manipulating the 'un' parameter, leading to unauthorized SQL query execution. This remote exploit can compromise the integrity of the database and expose sensitive information, necessitating immediate attention from users of this system.

Affected Version(s)

Monitoring of Students Cyber Accounts System 1.0

References

https://vuldb.com/?id.223363
vdb-entrytechnical-description
https://vuldb.com/?ctiid.223363
signaturepermissions-required
https://github.com/xyaly163/bug_report/blob/main/SQLi-1.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Xue Yue (VulDB User)
JSON
.