SourceCodester Lost and Found Information System HTTP POST Request sql injection
CVE-2023-3680
9.8CRITICAL
What is CVE-2023-3680?
A SQL Injection flaw exists in SourceCodester's Lost and Found Information System version 1.0, affecting the HTTP POST Request Handler component. The vulnerability arises from the insecure manipulation of the 'id' argument within the file '/classes/Master.php?f=save_item', allowing an attacker to execute arbitrary SQL queries. This issue can be exploited remotely, potentially leading to unauthorized access or data corruption.
Affected Version(s)
Lost and Found Information System 1.0