SourceCodester Game Result Matrix System GET Parameter athlete-profile.php sql injection
CVE-2023-3383

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Game Result Matrix System
Vendor
CVE Published:
23 June 2023

Summary

A vulnerability exists in the SourceCodester Game Result Matrix System version 1.0, specifically within the file /dipam/athlete-profile.php. This vulnerability allows attackers to manipulate the 'id' parameter, leading to SQL injection attacks that can be executed remotely. As the exploit has been publicly disclosed, it poses a significant risk to users of this system, emphasizing the need for immediate patching and security measures to mitigate potential attacks.

Affected Version(s)

Game Result Matrix System 1.0

References

https://vuldb.com/?id.232239
vdb-entrytechnical-description
https://vuldb.com/?ctiid.232239
signaturepermissions-required
https://github.com/M9KJ-TEAM/CVEReport/blob/main/SQL2.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zhangyf (VulDB User)
.