SourceCodester Air Cargo Management System GET Parameter update_status.php SQL Injection
CVE-2023-1564

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 22 March 2023

Summary

A SQL injection vulnerability has been identified in SourceCodester Air Cargo Management System 1.0, in the file admin/transactions/update_status.php. Manipulating the 'id' GET parameter results in SQL injection, and the attack can be launched remotely, compromising database integrity. The exploit has been publicly disclosed, so affected systems need immediate remediation to protect sensitive data.

Affected Version(s)

Air Cargo Management System 1.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

133233 (VulDB User)