SourceCodester Inventory Management System product_data.php. sql injection
CVE-2023-4200
9.8CRITICAL
Summary
A vulnerability identified in SourceCodester Inventory Management System version 1.0 allows for SQL injection through manipulation of specific arguments in the file product_data.php. This flaw enables remote attackers to execute unauthorized SQL commands, potentially exposing sensitive data or compromising the integrity of the database. Given that the exploit has been made public, it poses a significant risk to systems using this version of the software.
Affected Version(s)
Inventory Management System 1.0
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
YeSec (VulDB User)