SourceCodester Service Provider Management System view_service.php sql injection
CVE-2023-3120

7.2HIGH

Key Information:

Vendor

SourceCodester
Status
Service Provider Management System
Vendor
CVE Published:
6 June 2023

What is CVE-2023-3120?

A SQL injection vulnerability exists in the SourceCodester Service Provider Management System 1.0 due to improper handling of the 'id' argument in the file view_service.php. This flaw allows attackers to manipulate SQL queries, potentially enabling them to execute arbitrary SQL commands. As a result, a remote attacker may exploit this vulnerability to compromise the database, extract sensitive information, or execute other malicious activities. It is crucial for organizations using this system to apply necessary security patches and updates to mitigate potential risks.

Affected Version(s)

Service Provider Management System 1.0

References

https://vuldb.com/?id.230799
vdb-entrytechnical-description
https://vuldb.com/?ctiid.230799
signaturepermissions-required
https://github.com/Peanut886/Vulnerability/blob/main/webr...
exploit

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

peanut886886 (VulDB User)
.