Campcodes Advanced Online Voting System positions_add.php sql injection
CVE-2023-2050

9.8CRITICAL

Key Information:

Vendor
Campcodes
Status
Advanced Online Voting System
Vendor
CVE Published:
14 April 2023

Summary

A security vulnerability in Campcodes Advanced Online Voting System 1.0 allows for SQL injection through improper processing of the argument description in the file /admin/positions_add.php. Remote attackers can exploit this vulnerability to manipulate database queries, potentially leading to unauthorized data access or modification. As this exploit has been made public, it is crucial for organizations using this system to implement security measures to mitigate risks.

Affected Version(s)

Advanced Online Voting System 1.0

References

https://vuldb.com/?id.225935
vdb-entrytechnical-description
https://vuldb.com/?ctiid.225935
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/Advanced%20Onl...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.
CVE-2023-2050 : Campcodes Advanced Online Voting System positions_add.php sql injection | SecurityVulnerability.io