SourceCodester Task Reminder System sql injection
CVE-2023-2154
7.2HIGH
Summary
A SQL injection vulnerability has been identified in SourceCodester Task Reminder System 1.0, specifically within the /admin/?page=reminders/view_reminder endpoint. This vulnerability allows an attacker to manipulate the 'id' argument to execute arbitrary SQL commands, potentially compromising the database. The attack can be initiated remotely, making it a significant risk for web application security. The vulnerability has been made public, increasing the urgency for affected users to implement remedial measures.
Affected Version(s)
Task Reminder System 1.0
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Gab3 (VulDB User)