Campcodes Coffee Shop POS System view_category.php sql injection
CVE-2023-2210

7.5HIGH

Key Information:

Vendor

Campcodes

Status
Coffee Shop POS System
Vendor
CVE Published:
21 April 2023

What is CVE-2023-2210?

A vulnerability discovered in the Campcodes Coffee Shop POS System 1.0 allows remote attackers to exploit an unspecified functionality in the /admin/categories/view_category.php file. This flaw involves manipulating the 'id' parameter, enabling SQL injection attacks that could compromise the integrity and confidentiality of the application's database. Mitigating this risk is essential to prevent unauthorized access and data leaks.

Affected Version(s)

Coffee Shop POS System 1.0

References

https://vuldb.com/?id.226975
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226975
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/Coffee%20Shop%...
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.
CVE-2023-2210 : Campcodes Coffee Shop POS System view_category.php sql injection