SourceCodester Lost and Found Information System HTTP POST Request sql injection
CVE-2023-3850
9.8CRITICAL
What is CVE-2023-3850?
A security vulnerability has been identified in the Lost and Found Information System 1.0 developed by SourceCodester. This issue arises from improper handling of input in the HTTP POST Request Handler, specifically within the file /classes/Master.php?f=delete_category. An attacker can exploit this vulnerability by manipulating the 'id' parameter, which could allow for unauthorized SQL commands to be executed against the database. This remote attack can lead to significant data breaches or compromise of the underlying system.
Affected Version(s)
Lost and Found Information System 1.0