SourceCodester Lost and Found Information System GET Parameter view.php SQL injection
CVE-2023-2672
9.8 CRITICAL
What is CVE-2023-2672?
A SQL injection vulnerability exists in the Lost and Found Information System (version 1.0) due to improper handling of GET parameters in the items/view.php file. This allows attackers to manipulate the 'id' argument, enabling the execution of unauthorized SQL commands on the server. Remote attackers can exploit this vulnerability, potentially compromising the application's database and exposing sensitive information.
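A detection sketch for the issue described above, added here as an example and not taken from the advisory or from the application's code: it scans web access logs for requests to items/view.php whose 'id' value is not a plain integer. The log format, both URL shapes (direct file access and a `page=items/view` route) and the integer-only rule for legitimate ids are assumptions; the advisory names only the file and the parameter.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic). Both URL shapes are
# assumptions: direct file access and a front controller using ?page=items/view.
SAMPLE_LOG = """\
198.51.100.7 - - [12/May/2023:10:01:02 +0000] "GET /items/view.php?id=12 HTTP/1.1" 200 5120
198.51.100.9 - - [12/May/2023:10:01:09 +0000] "GET /items/view.php?id=12%27 HTTP/1.1" 500 310
203.0.113.4 - - [12/May/2023:10:02:11 +0000] "GET /?page=items/view&id=3%20AND%201%3D1 HTTP/1.1" 200 5093
203.0.113.4 - - [12/May/2023:10:02:40 +0000] "GET /?page=items/view&id=3&id=4 HTTP/1.1" 200 5093
198.51.100.7 - - [12/May/2023:10:03:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate id is a short run of ASCII digits.
VALID_ID = re.compile(r"[0-9]{1,10}")

def parse_target(url):
    """Return (is_view_request, decoded query dict) for a request URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    routed = any(p.startswith("items/view") for p in query.get("page", []))
    return parts.path.endswith("items/view.php") or routed, query

def suspicious_requests(log_text):
    """List (client, id values, status, reason) for abnormal id parameters."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a GET/HEAD request line we can parse
        client, url, status = m.groups()
        is_view, query = parse_target(url)
        ids = query.get("id", [])
        if not is_view or not ids:
            continue  # other pages, or no id parameter to inspect
        if len(ids) > 1:
            reason = "repeated id"
        elif not VALID_ID.fullmatch(ids[0]):
            reason = "non-numeric id"
        else:
            continue
        findings.append((client, ids, int(status), reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

The values are URL-decoded before the check, so percent-encoded quotes and spaces are caught; a 500 status next to a flagged request is worth triaging first because it suggests the input reached the SQL layer.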
Affected Version(s)
Lost and Found Information System 1.0