SourceCodester AC Repair and Services System HTTP POST Request sql injection
CVE-2023-3619

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: AC Repair and Services System
Vendor: CVE Published:; 11 July 2023

Summary

A SQL injection vulnerability exists in the SourceCodester AC Repair and Services System 1.0, specifically in the HTTP POST Request Handler located in the Master.php file. This issue arises due to improper validation of the 'id' parameter, allowing attackers to manipulate requests and execute malicious SQL queries. The exploitation of this vulnerability can lead to unauthorized access to the database and potentially expose sensitive information. Attackers can initiate this process remotely, posing significant security risks to installations of the affected product.

Affected Version(s)

AC Repair and Services System 1.0

References

https://vuldb.com/?id.233573

vdb-entrytechnical-description

https://vuldb.com/?ctiid.233573

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jul 11, 2023

Credit

fushuling (VulDB User)