PHPGurukul BP Monitoring Management System Change Password change-password.php SQL injection
CVE-2023-1949
9.8 CRITICAL
What is CVE-2023-1949?
A vulnerability exists in the BP Monitoring Management System 1.0, specifically within the Change Password Handler component. This issue occurs in the change-password.php file due to inadequate validation of the password parameter, allowing an attacker to manipulate input values and execute unauthorized SQL commands. The vulnerability facilitates remote exploitation, posing a significant risk to the integrity and confidentiality of the application's database. With the exploit details made publicly available, swift remediation is essential to mitigate potential threats.
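A hardened change-password routine for the class of flaw described above, as an added example that is not PHPGurukul's code: every request value is passed as a bound parameter, so the password field cannot alter the SQL statement. The users table, its columns, the function names and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not PHPGurukul's code. Table and column names are hypothetical.
function changePassword(PDO $db, int $userId, string $current, string $new): bool
{
    // Placeholders keep request values out of the SQL text entirely.
    $sel = $db->prepare('SELECT password_hash FROM users WHERE id = :id');
    $sel->execute([':id' => $userId]);
    $hash = $sel->fetchColumn();
    if (!is_string($hash) || !password_verify($current, $hash)) {
        return false; // unknown user or wrong current password
    }
    $upd = $db->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
    $upd->execute([':h' => password_hash($new, PASSWORD_DEFAULT), ':id' => $userId]);
    return $upd->rowCount() === 1;
}

// Helper for the demo: read back the stored hash for one user.
function storedHash(PDO $db, int $userId): string
{
    $q = $db->prepare('SELECT password_hash FROM users WHERE id = :id');
    $q->execute([':id' => $userId]);
    return (string) $q->fetchColumn();
}

// Constructed demo data: in-memory SQLite so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (id, password_hash) VALUES (:id, :h)');
$ins->execute([':id' => 1, ':h' => password_hash('old-one', PASSWORD_DEFAULT)]);
$ins->execute([':id' => 2, ':h' => password_hash('other-user', PASSWORD_DEFAULT)]);
$otherBefore = storedHash($db, 2);

// Constructed input: a new password containing SQL metacharacters.
$odd = "qu'ote\"; -- #text";
$changed   = changePassword($db, 1, 'old-one', $odd);
$verifies  = password_verify($odd, storedHash($db, 1));  // stored as literal data
$untouched = storedHash($db, 2) === $otherBefore;        // other rows unaffected
$rejected  = !changePassword($db, 1, "wrong' guess", 'x');

echo ($changed && $verifies && $untouched && $rejected)
    ? "metacharacters handled as data\n"
    : "unexpected result\n";
```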
Affected Version(s)
BP Monitoring Management System 1.0