SourceCodester Judging Management System edit_contestant.php sql injection
CVE-2023-2108

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Judging Management System
Vendor
CVE Published:
16 April 2023

Summary

A vulnerability has been identified in SourceCodester's Judging Management System version 1.0, specifically within the file edit_contestant.php. The flaw arises from inadequate validation of the argument contestant_id, allowing for SQL injection attacks that can be executed remotely. This weakness exposes the system to potential unauthorized data access and manipulation, making it essential for users and administrators to implement mitigating measures. Publicly disclosed exploits could lead to widespread attempts to leverage this vulnerability.

Affected Version(s)

Judging Management System 1.0

References

https://vuldb.com/?id.226147
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226147
signaturepermissions-required
https://github.com/hackerzyq/mycve/blob/main/vendors/oret...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zhengyiqun (VulDB User)
.