SourceCodester Inventory Management System search_sell_paymen_report.php sql injection
CVE-2023-4437

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Inventory Management System
Vendor
CVE Published:
20 August 2023

Summary

A SQL injection vulnerability exists in the Search Sell Payment Report feature of SourceCodester Inventory Management System 1.0. This vulnerability arises from improper handling of user input in the 'customer' argument of the app/ajax/search_sell_paymen_report.php file. Attackers can exploit this flaw remotely to execute arbitrary SQL commands, potentially compromising the database integrity and accessing sensitive information. With the public disclosure of this vulnerability, it poses a serious risk to users running affected versions of the software.

Affected Version(s)

Inventory Management System 1.0

References

https://vuldb.com/?id.237558
vdb-entrytechnical-description
https://vuldb.com/?ctiid.237558
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/PUBLIC%20CVE%2...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wuguanfengyue (VulDB User)
.