code-projects Bus Dispatch and Information System adminHome.php sql injection
CVE-2023-2775
8.8HIGH
What is CVE-2023-2775?
A SQL Injection vulnerability has been identified in version 1.0 of the Bus Dispatch and Information System developed by Code-Projects. This vulnerability occurs due to improper handling of the 'reach_city' argument within the 'adminHome.php' file, allowing attackers to manipulate queries executed against the database. As a result, unauthorized users may execute arbitrary SQL statements, leading to potential data breaches or application compromise. The vulnerability is remotely exploitable, making it critical for users to implement necessary security measures immediately. Public disclosure has been made, and relevant identifiers have been assigned for tracking and remediation purposes.
Affected Version(s)
Bus Dispatch and Information System 1.0