SQL Injection Vulnerability in Janobe Online Voting System from Janobe
CVE-2023-43470

9.8CRITICAL

Key Information:

Vendor: Janobe
Status: Online Voting System
Vendor: CVE Published:; 23 September 2023

What is CVE-2023-43470?

The Janobe Online Voting System version 1.0 is susceptible to an SQL injection vulnerability in the checklogin.php component. This flaw could allow remote attackers to manipulate the database queries, potentially leading to arbitrary code execution. Such exploitation may compromise sensitive data and the overall integrity of the system, making a thorough assessment and immediate remediation essential for affected users.

References

https://github.com/ae6e361b/Online-Voting-System

https://gist.github.com/ae6e361b/1ed56fbfbbfd368835b8a808...

https://www.sourcecodester.com/php/14690/online-voting-sy...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2023
Vulnerability Reserved
Sep 18, 2023