SourceCodester AC Repair and Services System HTTP POST Request sql injection
CVE-2023-3678

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: AC Repair and Services System
Vendor: CVE Published:; 15 July 2023

Summary

A SQL injection vulnerability exists in the SourceCodester AC Repair and Services System 1.0, specifically in the HTTP POST Request Handler found at /classes/Master.php?f=delete_inquiry. This vulnerability arises from improper handling of the 'id' parameter, allowing attackers to manipulate SQL queries executed by the application. The exploitation of this vulnerability can enable unauthorized access to the database, potentially leading to data breaches and other malicious activities. The attack can be executed remotely, making it critical for affected users to apply necessary patches and safeguard their systems.

Affected Version(s)

AC Repair and Services System 1.0

References

https://vuldb.com/?id.234223

vdb-entrytechnical-description

https://vuldb.com/?ctiid.234223

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2023
Vulnerability Reserved
Jul 15, 2023

Credit

L2ncE (VulDB User)