SourceCodester Task Reminder System SQL Injection
CVE-2023-2154

7.2 HIGH

Key Information:

Vendor
CVE Published: 18 April 2023

Summary

A SQL injection vulnerability has been identified in SourceCodester Task Reminder System 1.0, specifically within the /admin/?page=reminders/view_reminder endpoint. This vulnerability allows an attacker to manipulate the 'id' argument to execute arbitrary SQL commands, potentially compromising the database. The attack can be initiated remotely, making it a significant risk for web application security. The vulnerability has been made public, increasing the urgency for affected users to implement remedial measures.

Affected Version(s)

Task Reminder System 1.0

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gab3 (VulDB User)