code-projects Bus Dispatch and Information System view_admin.php sql injection
CVE-2023-2773
8.8HIGH
What is CVE-2023-2773?
A security vulnerability has been identified in the Bus Dispatch and Information System version 1.0, specifically in the view_admin.php file. The vulnerability arises from improper handling of the 'adminid' parameter, which allows attackers to execute SQL injection attacks remotely. This flaw can be exploited by sending specially crafted input to the application, potentially compromising the integrity of the database and exposing sensitive information. The vulnerability has been publicly disclosed, increasing the risk of exploitation, and it is crucial for users of this software to apply available patches and monitor for any signs of unauthorized access.
Affected Version(s)
Bus Dispatch and Information System 1.0