SourceCodester Sales Tracker Management System GET Parameter manage_product.php sql injection
CVE-2023-1983

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Sales Tracker Management System
Vendor
CVE Published:
11 April 2023

Summary

A SQL injection vulnerability exists in the Sales Tracker Management System 1.0 by SourceCodester, specifically in the file /admin/products/manage_product.php within the GET Parameter Handler module. This flaw allows an attacker to manipulate the 'id' parameter, potentially leading to unauthorized access to the database. The vulnerability can be exploited remotely, making it imperative for users to address it promptly. The public disclosure of this exploit heightens the urgency, and users are advised to implement security measures to safeguard their data.

Affected Version(s)

Sales Tracker Management System 1.0

References

https://vuldb.com/?id.225530
vdb-entrytechnical-description
https://vuldb.com/?ctiid.225530
signaturepermissions-required
https://github.com/graywar1/bug_report/blob/main/SQLi.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peony (VulDB User)
.