SourceCodester AC Repair and Services System HTTP POST Request sql injection
CVE-2023-3657

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: AC Repair and Services System
Vendor: CVE Published:; 13 July 2023

Summary

A vulnerability exists in the SourceCodester AC Repair and Services System 1.0 relating to improper handling of HTTP POST requests. Specifically, the issue arises from the processing of the 'id' argument in Master.php?f=save_book, which opens the door for SQL injection attacks. This allows remote attackers to execute unauthorized SQL commands through crafted requests, potentially compromising the integrity and confidentiality of the database.

Affected Version(s)

AC Repair and Services System 1.0

References

https://vuldb.com/?id.234011

vdb-entrytechnical-description

https://vuldb.com/?ctiid.234011

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
Jul 13, 2023

Credit

fushuling (VulDB User)