SourceCodester Billing Management System GET Parameter editproduct.php sql injection
CVE-2023-2689
8.8 HIGH
What is CVE-2023-2689?
CVE-2023-2689 is a SQL injection vulnerability in SourceCodester Billing Management System version 1.0. Manipulating the 'id' GET parameter of editproduct.php lets an attacker execute arbitrary SQL queries, which may lead to unauthorized access to sensitive data. The vulnerability can be exploited remotely and puts data integrity and confidentiality at risk. Exploit details have been publicly disclosed, so users of the affected version should apply security measures promptly.
Affected Version(s)
Billing Management System 1.0