SourceCodester Complaint Management System GET Parameter userprofile.php sql injection
CVE-2023-2089
8.8HIGH
What is CVE-2023-2089?
A security flaw has been identified in the SourceCodester Complaint Management System 1.0 that allows attackers to perform SQL Injection via the uid parameter in the /admin/userprofile.php file. This vulnerability may enable unauthorized remote access to manipulate the database, potentially leading to sensitive information leakage or data manipulation. As the exploit is publicly disclosed, it poses a significant threat and users are advised to implement security measures immediately.
Affected Version(s)
Complaint Management System 1.0