SourceCodester Best POS Management System Login Page admin_class.php sql injection
CVE-2023-3617

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Best POS Management System
Vendor
CVE Published:
11 July 2023

What is CVE-2023-3617?

A SQL injection vulnerability has been identified in the SourceCodester Best POS Management System 1.0, specifically within the login page functionality in the admin_class.php file. An attacker can manipulate the 'username' parameter, potentially leading to unauthorized access and other malicious consequences. This vulnerability can be exploited remotely, posing a significant risk to the system's integrity and security. Public knowledge of this exploit heightens the urgency for users to secure their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Best POS Management System 1.0

References

https://vuldb.com/?id.233565
vdb-entrytechnical-description
https://vuldb.com/?ctiid.233565
signaturepermissions-required
https://github.com/movonow/demo/blob/main/kruxton.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zhangguohu (VulDB User)
JSON
.