SourceCodester Billing Management System POST Parameter ajax_service.php sql injection
CVE-2023-2595

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 9 May 2023

Summary

SourceCodester Billing Management System is vulnerable to SQL injection in ajax_service.php, where the 'drop_services' POST parameter is improperly handled. An attacker can use this weakness to execute unauthorized SQL commands, potentially compromising sensitive data. The attack can be launched remotely, and the details of the vulnerability have been made public, so awareness and timely remediation are essential.

Affected Version(s)

Billing Management System 1.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yastar (VulDB User)