SourceCodester Inventory Management System edit_sell.php sql injection
CVE-2023-4182

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Inventory Management System
Vendor: CVE Published:; 6 August 2023

Summary

A vulnerability has been identified in the SourceCodester Inventory Management System 1.0 that allows an attacker to exploit the file edit_sell.php. By manipulating the up_pid parameter, an attacker can execute SQL injection attacks remotely. This could lead to unauthorized access to the database, allowing potential data theft or manipulation. It is crucial for users of this system to assess their security measures and apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Inventory Management System 1.0

References

https://vuldb.com/?id.236217

vdb-entrytechnical-description

https://vuldb.com/?ctiid.236217

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2023
Vulnerability Reserved
Aug 5, 2023

Credit

mikel22 (VulDB User)