code-projects Bus Dispatch and Information System delete_bus.php sql injection
CVE-2023-2951

9.1 CRITICAL

Key Information:

Vendor
CVE Published: 28 May 2023

Summary

A SQL injection vulnerability exists in the Bus Dispatch and Information System, in an unknown function of the file delete_bus.php. By manipulating the busid argument, an attacker can execute unauthorized SQL commands, potentially compromising the database. The vulnerability can be exploited remotely, so users should review their security measures and apply the recommendations accompanying the disclosed exploit to mitigate the risk.

Affected Version(s)

Bus Dispatch and Information System 1.0

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Songrui (VulDB User)