SQL Injection Vulnerability in PHPJabbers Food Delivery Script
CVE-2023-40749

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Food Delivery Script
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40749?

The PHPJabbers Food Delivery Script version 3.0 is susceptible to SQL Injection attacks through the 'column' parameter in index.php. This vulnerability may allow attackers to gain unauthorized access to the database, manipulate database queries, and potentially expose sensitive data. It is crucial for users of this script to apply security patches and implement safeguards to mitigate the risks associated with SQL Injection.

References

https://www.phpjabbers.com/food-delivery-script/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40749?

References

EPSS Score

CVSS V3.1

Timeline