SourceCodester Billing Management System POST Parameter ajax_service.php SQL Injection
CVE-2023-2595
9.8 CRITICAL
What is CVE-2023-2595?
SourceCodester Billing Management System is vulnerable to SQL injection in the ajax_service.php file, which improperly handles the 'drop_services' POST parameter. An attacker can use this weakness to execute unauthorized SQL commands, potentially compromising sensitive data. The attack can be carried out remotely, which increases the risk of exploitation. Awareness and timely remediation are essential, especially since the details of this vulnerability have been made public.
Affected Version(s)
Billing Management System 1.0