SQL Injection Vulnerability in Sourcecodester Packers and Movers Management System
CVE-2023-30415

9.8CRITICAL

Key Information:

Vendor: Oretnom23
Status: Packers And Movers Management System
Vendor: CVE Published:; 28 September 2023

What is CVE-2023-30415?

A SQL injection vulnerability was found in version 1.0 of the Sourcecodester Packers and Movers Management System, specifically through the 'id' parameter at /inquiries/view_inquiry.php. This vulnerability allows an attacker to manipulate database queries, potentially compromising sensitive data. Proper input validation and parameterized queries are necessary to mitigate the risk associated with this security flaw.

References

http://packetstormsecurity.com/files/174758/Packers-And-M...

https://robsware.github.io/2023/09/01/firstcve

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2023
Vulnerability Reserved
Apr 7, 2023

Oretnom23

What is CVE-2023-30415?

References

CVSS V3.1

Timeline