SourceCodester Billing Management System GET Parameter editproduct.php sql injection
CVE-2023-2689

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Billing Management System
Vendor
CVE Published:
14 May 2023

What is CVE-2023-2689?

A vulnerability affecting the SourceCodester Billing Management System version 1.0 has been identified, allowing SQL injection through manipulation of the 'id' parameter in the editproduct.php file. This flaw enables an attacker to execute arbitrary SQL queries, which may lead to unauthorized access to sensitive data. The vulnerability can be exploited remotely, raising potential risks for data integrity and confidentiality. The exploit details are publicly disclosed, highlighting the urgency for users to apply security measures.

Affected Version(s)

Billing Management System 1.0

References

https://vuldb.com/?id.228970
vdb-entrytechnical-description
https://vuldb.com/?ctiid.228970
signaturepermissions-required
https://github.com/niyuchunqiu/cve/blob/main/SQL.md
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lixu (VulDB User)
.