SourceCodester Medical Certificate Generator App action.php sql injection
CVE-2023-1566

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Medical Certificate Generator App
Vendor
CVE Published:
22 March 2023

Summary

A vulnerability in the SourceCodester Medical Certificate Generator App version 1.0 allows for SQL injection via the manipulation of the 'id' parameter in the action.php file. This flaw permits remote attackers to execute arbitrary SQL commands, potentially exposing sensitive data or compromising the application's integrity. Prompt remediation is essential, as the exploit has been made public, increasing the risk of exploitation.

Affected Version(s)

Medical Certificate Generator App 1.0

References

https://vuldb.com/?id.223558
vdb-entrytechnical-description
https://vuldb.com/?ctiid.223558
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/Medical%20Cert...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.