code-projects Bus Dispatch and Information System view_admin.php sql injection
CVE-2023-2773

8.8HIGH

Key Information:

Vendor
code-projects
Status
Bus Dispatch and Information System
Vendor
CVE Published:
17 May 2023

Summary

A security vulnerability has been identified in the Bus Dispatch and Information System version 1.0, specifically in the view_admin.php file. The vulnerability arises from improper handling of the 'adminid' parameter, which allows attackers to execute SQL injection attacks remotely. This flaw can be exploited by sending specially crafted input to the application, potentially compromising the integrity of the database and exposing sensitive information. The vulnerability has been publicly disclosed, increasing the risk of exploitation, and it is crucial for users of this software to apply available patches and monitor for any signs of unauthorized access.

Affected Version(s)

Bus Dispatch and Information System 1.0

References

https://vuldb.com/?id.229279
vdb-entrytechnical-description
https://vuldb.com/?ctiid.229279
signaturepermissions-required
https://gitee.com/zyz0103/system-vul/blob/master/Bus%20Di...
exploitpatch

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zyz1 (VulDB User)
.
CVE-2023-2773 : code-projects Bus Dispatch and Information System view_admin.php sql injection | SecurityVulnerability.io