Campcodes Advanced Online Voting System positions_row.php sql injection
CVE-2023-2051
9.8CRITICAL
Summary
A SQL injection vulnerability has been identified in Campcodes Advanced Online Voting System version 1.0. This issue resides in an unspecified function of the /admin/positions_row.php file, where manipulation of the 'id' argument can lead to unauthorized access and potential data compromise. The vulnerability allows for remote exploitation, making it crucial for users to update to a secure version to mitigate risks associated with unauthorized database access. Security practitioners should remain vigilant, as this flaw has been disclosed publicly and may currently be under active exploitation.
Affected Version(s)
Advanced Online Voting System 1.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)