code-projects Bus Dispatch and Information System adminHome.php sql injection
CVE-2023-2775

8.8HIGH

Key Information:

Vendor
code-projects
Status
Bus Dispatch and Information System
Vendor
CVE Published:
17 May 2023

Summary

A SQL Injection vulnerability has been identified in version 1.0 of the Bus Dispatch and Information System developed by Code-Projects. This vulnerability occurs due to improper handling of the 'reach_city' argument within the 'adminHome.php' file, allowing attackers to manipulate queries executed against the database. As a result, unauthorized users may execute arbitrary SQL statements, leading to potential data breaches or application compromise. The vulnerability is remotely exploitable, making it critical for users to implement necessary security measures immediately. Public disclosure has been made, and relevant identifiers have been assigned for tracking and remediation purposes.

Affected Version(s)

Bus Dispatch and Information System 1.0

References

https://vuldb.com/?id.229281
vdb-entrytechnical-description
https://vuldb.com/?ctiid.229281
signaturepermissions-required
https://github.com/mrwwrrhh/Bus_Dispatch_and_Information_...
exploitpatch

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RonghanWu (VulDB User)
.
CVE-2023-2775 : code-projects Bus Dispatch and Information System adminHome.php sql injection | SecurityVulnerability.io