SourceCodester Service Provider Management System sql injection
CVE-2023-2769

8.8HIGH

Key Information:

Vendor
SourceCodester
Status
Service Provider Management System
Vendor
CVE Published:
17 May 2023

Summary

A SQL injection vulnerability has been identified in SourceCodester's Service Provider Management System 1.0, specifically in the file /classes/Master.php?f=delete_service. This weakness allows attackers to manipulate the 'id' parameter, potentially enabling remote exploitation. With public disclosure of the exploit, this issue poses a significant risk, necessitating immediate attention and remediation for affected users.

Affected Version(s)

Service Provider Management System 1.0

References

https://vuldb.com/?id.229275
vdb-entrytechnical-description
https://vuldb.com/?ctiid.229275
signaturepermissions-required
https://github.com/xiahao90/CVEproject/blob/main/xiahao.w...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

webray.com.cn (VulDB User)
.