SourceCodester Best POS Management System Login Page admin_class.php sql injection
CVE-2023-3617

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Best POS Management System
Vendor
CVE Published:
11 July 2023

What is CVE-2023-3617?

A SQL injection vulnerability has been identified in the SourceCodester Best POS Management System 1.0, specifically within the login page functionality in the admin_class.php file. An attacker can manipulate the 'username' parameter, potentially leading to unauthorized access and other malicious consequences. This vulnerability can be exploited remotely, posing a significant risk to the system's integrity and security. Public knowledge of this exploit heightens the urgency for users to secure their installations.

Affected Version(s)

Best POS Management System 1.0

References

https://vuldb.com/?id.233565
vdb-entrytechnical-description
https://vuldb.com/?ctiid.233565
signaturepermissions-required
https://github.com/movonow/demo/blob/main/kruxton.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zhangguohu (VulDB User)
JSON
.