SourceCodester Complaint Management System GET Parameter userprofile.php sql injection
CVE-2023-2089

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Complaint Management System
Vendor
CVE Published:
15 April 2023

What is CVE-2023-2089?

A security flaw has been identified in the SourceCodester Complaint Management System 1.0 that allows attackers to perform SQL Injection via the uid parameter in the /admin/userprofile.php file. This vulnerability may enable unauthorized remote access to manipulate the database, potentially leading to sensitive information leakage or data manipulation. As the exploit is publicly disclosed, it poses a significant threat and users are advised to implement security measures immediately.

Affected Version(s)

Complaint Management System 1.0

References

https://vuldb.com/?id.226097
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226097
signaturepermissions-required
https://github.com/winkle175/bug_report/blob/main/SQLi-1.md
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

808bass (VulDB User)
.
CVE-2023-2089 : SourceCodester Complaint Management System GET Parameter userprofile.php sql injection