SourceCodester AC Repair and Services System sql injection
CVE-2023-3661

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: AC Repair and Services System
Vendor: CVE Published:; 13 July 2023

Summary

A security flaw has been identified in SourceCodester AC Repair and Services System version 1.0, located in the /classes/Master.php file. This vulnerability allows for SQL injection via the manipulation of the 'id' parameter in a remote manner. Exploiting this weakness could potentially allow an attacker to execute arbitrary SQL commands, compromising the integrity and confidentiality of the database.

Affected Version(s)

AC Repair and Services System 1.0

References

https://vuldb.com/?id.234015

vdb-entrytechnical-description

https://vuldb.com/?ctiid.234015

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
Jul 13, 2023

Credit

NNanfeng (VulDB User)