SourceCodester Judging Management System summary_results.php sql injection
CVE-2023-1556

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Judging Management System
Vendor
CVE Published:
22 March 2023

Summary

A vulnerability exists in the file summary_results.php of the SourceCodester Judging Management System version 1.0 that allows attackers to manipulate the main_event_id argument, leading to SQL injection. This flaw can be exploited remotely, enabling malicious users to execute arbitrary SQL commands against the database. Due to its public disclosure, it poses a significant security risk, necessitating immediate attention from users to mitigate potential exploitation.

Affected Version(s)

Judging Management System 1.0

References

https://vuldb.com/?id.223549
vdb-entrytechnical-description
https://vuldb.com/?ctiid.223549
signaturepermissions-required
https://github.com/debug601/bug_report/blob/main/vendors/...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tks_ (VulDB User)
.