SQL Injection Vulnerability in Raffle Draw System by SourceCodester
CVE-2023-24201

9.8CRITICAL

Key Information:

Vendor: Oretnom23
Status: Raffle Draw System
Vendor: CVE Published:; 6 February 2023

What is CVE-2023-24201?

The Raffle Draw System v1.0 has a SQL injection vulnerability that can be exploited via the 'id' parameter in the get_ticket.php file. This issue allows attackers to interfere with the queries made to the database, potentially allowing unauthorized access to sensitive information or manipulation of the database. Proper input validation and sanitation are essential to mitigate this type of vulnerability.

References

https://www.sourcecodester.com/php/15951/raffle-draw-syst...

https://github.com/xiumulty/CVE/blob/main/Raffle%20draw%2...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Jan 23, 2023

Oretnom23

What is CVE-2023-24201?

References

CVSS V3.1

Timeline