SourceCodester Lost and Found Information System GET Parameter sql injection
CVE-2023-2669
9.8CRITICAL
What is CVE-2023-2669?
A vulnerability exists in the Lost and Found Information System by SourceCodester, where improper handling of GET parameters in the admin panel allows attackers to manipulate the 'id' argument. This flaw can lead to direct SQL injection attacks, enabling unauthorized access to sensitive data. Attackers can exploit this vulnerability remotely, posing a significant risk to the integrity and confidentiality of the database.
Affected Version(s)
Lost and Found Information System 1.0