SourceCodester Service Provider Management System view.php sql injection
CVE-2023-3119

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Service Provider Management System
Vendor
CVE Published:
6 June 2023

What is CVE-2023-3119?

The SourceCodester Service Provider Management System 1.0 has a vulnerability in the view.php file where improper handling of the 'id' argument allows remote attackers to manipulate inputs, leading to SQL injection. This can enable unauthorized access to the database, allowing the attacker to execute malicious SQL queries. As the vulnerability has been publicly disclosed, it heightens the urgency for affected users to apply upgrades or protective measures.

Affected Version(s)

Service Provider Management System 1.0

References

https://vuldb.com/?id.230798
vdb-entrytechnical-description
https://vuldb.com/?ctiid.230798
signaturepermissions-required
https://github.com/Peanut886/Vulnerability/blob/main/webr...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

peanut886886 (VulDB User)
.