SourceCodester Inventory Management System sell_return.php SQL injection
CVE-2023-4184
9.8 CRITICAL
Summary
SourceCodester Inventory Management System 1.0 is vulnerable to SQL injection through improper handling of the 'pid' parameter in the sell_return.php file. The flaw lets an attacker manipulate conditions within database queries, potentially leading to unauthorized data access or modification. The vulnerability can be exploited remotely.
Affected Version(s)
Inventory Management System 1.0
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
mikel22 (VulDB User)