SourceCodester Simple Task Allocation System manage_user.php sql injection
CVE-2023-1791

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Simple Task Allocation System
Vendor
CVE Published:
2 April 2023

Summary

A vulnerability exists in the SourceCodester Simple Task Allocation System version 1.0 due to a SQL injection issue in the manage_user.php file. By manipulating the 'id' argument, an attacker can execute malicious SQL statements, potentially leading to unauthorized data access. This vulnerability can be exploited remotely, making it critical for users of this system to patch against the exploit. The public disclosure of this vulnerability may encourage attackers to target affected systems actively.

Affected Version(s)

Simple Task Allocation System 1.0

References

https://vuldb.com/?id.224743
vdb-entrytechnical-description
https://vuldb.com/?ctiid.224743
signaturepermissions-required
https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/S...
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pe4cefulSnow (VulDB User)
.