Campcodes Online Traffic Offense Management System Login.php sql injection
CVE-2023-2073

7.5HIGH

Key Information:

Vendor

Campcodes

Status
Online Traffic Offense Management System
Vendor
CVE Published:
14 April 2023

What is CVE-2023-2073?

A vulnerability exists in Campcodes Online Traffic Offense Management System 1.0, specifically within the /classes/Login.php file. This security flaw allows an attacker to manipulate the 'password' argument, leading to SQL injection. The nature of this vulnerability means it can be exploited remotely, potentially enabling unauthorized access to the system’s database and the sensitive data it holds. Public disclosure of the exploit increases the risk of attacks, emphasizing the urgent need for remediation.

Affected Version(s)

Online Traffic Offense Management System 1.0

References

https://vuldb.com/?id.226051
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226051
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/Online%20Traff...
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
JSON
.