SourceCodester Food Ordering Management System Registration sql injection
CVE-2023-2594

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Food Ordering Management System
Vendor: CVE Published:; 9 May 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The SourceCodester Food Ordering Management System version 1.0 suffers from a SQL injection vulnerability in the registration component's username argument. This flaw allows remote attackers to manipulate queries, potentially leading to unauthorized access and compromise of the database. Proper input validation and sanitization are essential to mitigate this issue.

Affected Version(s)

Food Ordering Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-2594
Created by thehackingverse

References

https://vuldb.com/?id.228396

vdb-entrytechnical-description

https://vuldb.com/?ctiid.228396

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
May 10, 2023
👾
Exploit known to exist
May 10, 2023
Vulnerability published
May 9, 2023
Vulnerability Reserved
May 9, 2023

Credit

dewanritik (VulDB User)