SourceCodester Inventory Management System catagory_data.php sql injection
CVE-2023-4199

7.5HIGH

Key Information:

Vendor

SourceCodester
Status
Inventory Management System
Vendor
CVE Published:
7 August 2023

What is CVE-2023-4199?

A vulnerability was identified in the SourceCodester Inventory Management System, specifically affecting the file catagory_data.php. The weakness arises from inadequate input validation in the argument columns[1][data], enabling remote attackers to execute SQL injection. Successful exploitation of this vulnerability allows an attacker to manipulate the system's database queries, which may lead to unauthorized access to sensitive data, corruption of database content, or potential control over the affected system.

Affected Version(s)

Inventory Management System 1.0

References

https://vuldb.com/?id.236289
vdb-entrytechnical-description
https://vuldb.com/?ctiid.236289
signaturepermissions-required
https://github.com/Yesec/Inventory-Management-System/blob...
exploit

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

YeSec (VulDB User)
.