SourceCodester Lost and Found Information System GET Parameter sql injection
CVE-2023-2699
9.8CRITICAL
What is CVE-2023-2699?
A security flaw has been identified within the SourceCodester Lost and Found Information System version 1.0. This vulnerability resides in the admin panel, specifically in the GET parameter handler associated with the file admin/?page=items/view_item. By manipulating the 'id' argument, an attacker could execute SQL injection attacks. This issue can be exploited remotely, allowing unauthorized access to sensitive data. The vulnerability details have been publicly disclosed, increasing the risk of exploitation.
Affected Version(s)
Lost and Found Information System 1.0