SQL Injection Vulnerability in Code-Projects Simple Task List by Ersinerenler
CVE-2023-46023

6.5MEDIUM

Key Information:

Vendor
CVE Published:
14 November 2023

What is CVE-2023-46023?

The Code-Projects Simple Task List version 1.0 contains a vulnerability in the addTask.php file, where improper validation of user-supplied input via the 'status' parameter can lead to SQL injection attacks. Attackers exploiting this flaw could gain unauthorized access to sensitive information stored in the database, posing significant risks to data integrity and confidentiality.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.