SourceCodester Young Entrepreneur E-Negosyo System login.php sql injection
CVE-2023-1737

7.3HIGH

Key Information:

Vendor: Sourcecodester
Status: Young Entrepreneur E-negosyo System
Vendor: CVE Published:; 30 March 2023

🔔 Create Sourcecodester Vulnerability Alert

What is CVE-2023-1737?

A significant SQL injection vulnerability exists in the SourceCodester Young Entrepreneur E-Negosyo System version 1.0, specifically affecting the login.php file. This flaw allows attackers to manipulate the U_USERNAME parameter, leading to unauthorized access and potential data exposure. The vulnerability can be exploited remotely, enabling malicious actors to execute arbitrary SQL commands and possibly compromise the database integrity.

Affected Version(s)

Young Entrepreneur E-Negosyo System 1.0

References

https://vuldb.com/?id.224625

vdb-entrytechnical-description

https://vuldb.com/?ctiid.224625

signature

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2023
Vulnerability Reserved
Mar 30, 2023

Credit

WWesleywww (VulDB User)

JSON