SQL Injection Vulnerability in Sourcecodester Packers and Movers Management System v1.0
CVE-2023-46435

9.8CRITICAL

Key Information:

Vendor: Oretnom23
Status: Packers And Movers Management System
Vendor: CVE Published:; 26 October 2023

What is CVE-2023-46435?

The Sourcecodester Packers and Movers Management System version 1.0 is vulnerable to an SQL Injection attack through the 'mpms/?p=services/view_service&id' endpoint. This flaw allows attackers to manipulate SQL queries, potentially gaining unauthorized access to sensitive data or executing arbitrary SQL commands. It is crucial for users of this software to apply necessary security measures to mitigate the risk associated with this vulnerability.

References

https://github.com/kirra-max/bug_reports/blob/main/packer...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
Oct 23, 2023

Oretnom23

What is CVE-2023-46435?

References

CVSS V3.1

Timeline