SourceCodester Covid-19 Contact Tracing System manage.php sql injection
CVE-2023-2677

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Covid-19 Contact Tracing System
Vendor
CVE Published:
12 May 2023

What is CVE-2023-2677?

A vulnerability has been identified in the SourceCodester Covid-19 Contact Tracing System version 1.0, specifically affecting the admin area. The flaw lies in the manipulation of the 'id' parameter within the manage.php file, which can allow an attacker to execute SQL injection attacks. This type of vulnerability could enable unauthorized access to sensitive data and potentially compromise the integrity and confidentiality of the system. Given that the exploit is publicly disclosed, immediate mitigation is essential to prevent potential attacks.

Affected Version(s)

Covid-19 Contact Tracing System 1.0

References

https://vuldb.com/?id.228891
vdb-entrytechnical-description
https://vuldb.com/?ctiid.228891
signaturepermissions-required
https://github.com/BacteriaJun/cve/blob/main/SQL.md
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TangJun (VulDB User)
JSON
.
CVE-2023-2677 : SourceCodester Covid-19 Contact Tracing System manage.php sql injection