SourceCodester Task Reminder System sql injection
CVE-2023-2154

7.2HIGH

Key Information:

Vendor

SourceCodester
Status
Task Reminder System
Vendor
CVE Published:
18 April 2023

What is CVE-2023-2154?

A SQL injection vulnerability has been identified in SourceCodester Task Reminder System 1.0, specifically within the /admin/?page=reminders/view_reminder endpoint. This vulnerability allows an attacker to manipulate the 'id' argument to execute arbitrary SQL commands, potentially compromising the database. The attack can be initiated remotely, making it a significant risk for web application security. The vulnerability has been made public, increasing the urgency for affected users to implement remedial measures.

Affected Version(s)

Task Reminder System 1.0

References

https://vuldb.com/?id.226275
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226275
signaturepermissions-required
https://youtu.be/teK82KkWtdA
media-coverage

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gab3 (VulDB User)
.