SourceCodester Lost and Found Information System GET Parameter sql injection
CVE-2023-2698
9.8CRITICAL
What is CVE-2023-2698?
The Lost and Found Information System by SourceCodester is susceptible to an SQL injection vulnerability due to insufficient validation of user input in the file admin/?page=items/manage_item. An attacker can manipulate the 'id' parameter in GET requests, allowing for unauthorized access to the database and potential data leaks. This vulnerability is particularly dangerous as it can be exploited remotely, putting sensitive data at risk. The exploit is publicly available, highlighting the importance of promptly addressing this security issue.
Affected Version(s)
Lost and Found Information System 1.0