SQL Injection Vulnerability in Art Gallery Management System by PHP Gurukul
CVE-2023-23163

9.8CRITICAL

Key Information:

Vendor: PHPgurukul
Status: Art Gallery Management System
Vendor: CVE Published:; 10 February 2023

Summary

The Art Gallery Management System Project version 1.0 has been identified to have a SQL injection vulnerability that can be exploited through the 'editid' parameter. This type of vulnerability allows an attacker to manipulate SQL queries and potentially gain unauthorized access to the database, extract sensitive data, or even perform administrative operations. Users of this system should prioritize applying patches and reviewing their input validation mechanisms to mitigate the risk posed by this vulnerability.

References

https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip

https://phpgurukul.com/art-gallery-management-system-usin...

https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-23...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2023
Vulnerability Reserved
Jan 11, 2023

Collectors

NVD DatabaseMitre Database