Campcodes Coffee Shop POS System manage_sale.php sql injection
CVE-2023-2214

7.5HIGH

Key Information:

Vendor
Campcodes
Status
Coffee Shop POS System
Vendor
CVE Published:
21 April 2023

Summary

A security issue has been identified in Campcodes Coffee Shop POS System 1.0, allowing attackers to manipulate the 'id' argument in the /admin/sales/manage_sale.php file. This vulnerability could enable unauthorized SQL injection attacks, potentially letting attackers retrieve or modify sensitive data remotely. The public disclosure of this exploit emphasizes the urgency of applying security measures to protect against unauthorized access and ensure user data integrity.

Affected Version(s)

Coffee Shop POS System 1.0

References

https://vuldb.com/?id.226979
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226979
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/Coffee%20Shop%...
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.
CVE-2023-2214 : Campcodes Coffee Shop POS System manage_sale.php sql injection | SecurityVulnerability.io