Unauthenticated SQL Injection Vulnerability in Information System's Version 1.0
CVE-2023-33677
7.5HIGH
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 6 March 2024
What is CVE-2023-33677?
The Sourcecodester Lost and Found Information System, specifically in Version 1.0, has a security flaw that allows unauthenticated users to exploit SQL Injection vulnerabilities. This occurs when users manipulate the application's URL parameter "?page=items/view&id=*", enabling potential attackers to execute arbitrary SQL commands. Such exploitation could lead to unauthorized access to sensitive data or complete database compromise, highlighting the need for immediate remedial action to secure the application against SQL Injection threats.