SourceCodester Service Provider Management System HTTP POST Request sql injection
CVE-2023-2344

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Service Provider Management System
Vendor
CVE Published:
27 April 2023

Summary

A SQL injection vulnerability has been identified in SourceCodester's Service Provider Management System 1.0. This vulnerability resides within the HTTP POST Request Handler, specifically in the manipulation of the argument name in the file /classes/Master.php?f=save_service. Attackers can exploit this weakness remotely, potentially gaining unauthorized access to the database and compromising sensitive information. Public disclosure of the exploit has raised concerns, urging users to apply recommended security measures immediately to mitigate the risks.

Affected Version(s)

Service Provider Management System 1.0

References

https://vuldb.com/?id.227587
vdb-entrytechnical-description
https://vuldb.com/?ctiid.227587
signaturepermissions-required
http://cdn.polowong.top/image-20230427193041378.png
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

polowong (VulDB User)
.