Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CVE-2023-48434

9.8CRITICAL

Key Information:

Vendor: Projectworlds Pvt. Limited
Status: Online Voting System Project
Vendor: CVE Published:; 20 December 2023

🔔 Create Projectworlds Pvt. Limited Vulnerability Alert

What is CVE-2023-48434?

The Online Voting System Project v1.0 is susceptible to multiple SQL Injection vulnerabilities due to improper validation of the 'username' parameter in the reg_action.php file. This lack of sanitization allows attackers to send malicious input directly to the database, potentially leading to unauthorized data access and manipulation. Proper validation and sanitization protocols should be implemented to safeguard against these types of attacks.

Affected Version(s)

Online Voting System Project 1.0

References

https://fluidattacks.com/advisories/ma/

third-party-advisory

https://projectworlds.in/

product

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Nov 16, 2023