SourceCodester Earnings and Expense Tracker App manage_user.php sql injection
CVE-2023-1785

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Earnings and Expense Tracker App
Vendor: CVE Published:; 31 March 2023

Summary

A vulnerability exists in the Earnings and Expense Tracker App by SourceCodester, specifically within the manage_user.php file. This issue arises from improper handling of the 'id' argument, which makes the application susceptible to SQL injection attacks. Attackers can exploit this vulnerability remotely, potentially allowing them to manipulate the database and access sensitive information. It's crucial for users of version 1.0 to apply security measures or patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

Earnings and Expense Tracker App 1.0

References

https://vuldb.com/?id.224700

vdb-entrytechnical-description

https://vuldb.com/?ctiid.224700

signaturepermissions-required

https://github.com/web-zxl/img/blob/main/4.png

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2023
Vulnerability Reserved
Mar 31, 2023

Credit

aallll (VulDB User)