code-projects Bus Dispatch and Information System delete_bus.php sql injection
CVE-2023-2951
9.1CRITICAL
What is CVE-2023-2951?
A SQL injection vulnerability exists within the code of the Bus Dispatch and Information System, specifically in an unknown function of the delete_bus.php file. By manipulating the busid argument, attackers can execute unauthorized SQL commands, potentially compromising the database. This vulnerability can be exploited remotely, making it critical for users to review their security measures and apply recommendations from the disclosed exploit to mitigate risks.
Affected Version(s)
Bus Dispatch and Information System 1.0