code-projects Bus Dispatch and Information System view_branch.php sql injection
CVE-2023-2774

6.3MEDIUM

Key Information:

Vendor
Code-projects
Status
Bus Dispatch And Information System
Vendor
CVE Published:
17 May 2023

Summary

A SQL injection vulnerability has been discovered in the Bus Dispatch and Information System version 1.0, specifically within the view_branch.php file. The vulnerability allows an attacker, potentially remotely, to manipulate the branchid argument, leading to unauthorized access to the database. This could expose sensitive information or disrupt normal operations. The exploit has been publicly disclosed, increasing the risk of attacks against users still operating this version.

Affected Version(s)

Bus Dispatch and Information System 1.0

References

https://vuldb.com/?id.229280
vdb-entrytechnical-description
https://vuldb.com/?ctiid.229280
signaturepermissions-required
https://github.com/mrwwrrhh/Bus_Dispatch_and_Information_...
exploitpatch

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RonghanWu (VulDB User)
.
CVE-2023-2774 : code-projects Bus Dispatch and Information System view_branch.php sql injection | SecurityVulnerability.io