SourceCodester Inventory Management System ex_catagory_data.php sql injection
CVE-2023-4201

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Inventory Management System
Vendor
CVE Published:
7 August 2023

What is CVE-2023-4201?

A SQL injection vulnerability exists within the SourceCodester Inventory Management System 1.0, specifically in the file ex_catagory_data.php. This flaw arises from improper handling of the argument columns[1][data], allowing an attacker to manipulate database queries. Given its nature, this vulnerability can be exploited remotely, posing significant risks to users. Public disclosure of the exploit makes it essential for users to take immediate action to protect their systems from potential attacks.

Affected Version(s)

Inventory Management System 1.0

References

https://vuldb.com/?id.236291
vdb-entrytechnical-description
https://vuldb.com/?ctiid.236291
signaturepermissions-required
https://github.com/Yesec/Inventory-Management-System/blob...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

YeSec (VulDB User)
.
CVE-2023-4201 : SourceCodester Inventory Management System ex_catagory_data.php sql injection