SourceCodester Young Entrepreneur E-Negosyo System sql injection
CVE-2023-1738

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Young Entrepreneur E-Negosyo System
Vendor: CVE Published:; 30 March 2023

Summary

A vulnerability exists in the SourceCodester Young Entrepreneur E-Negosyo System 1.0, specifically within the index.php file where the search parameter can be manipulated. This flaw opens the door for attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access or manipulation. The issue can be exploited remotely, making it imperative for users and administrators to address this vulnerability promptly to secure their systems against potential threats.

Affected Version(s)

Young Entrepreneur E-Negosyo System 1.0

References

https://vuldb.com/?id.224626

vdb-entrytechnical-description

https://vuldb.com/?ctiid.224626

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2023
Vulnerability Reserved
Mar 30, 2023

Credit

WWesleywww (VulDB User)