SourceCodester Simple Membership System account_edit_query.php sql injection
CVE-2023-4845

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Simple Membership System
Vendor
CVE Published:
9 September 2023

Summary

A SQL injection vulnerability exists in the SourceCodester Simple Membership System version 1.0, specifically within the account_edit_query.php file. The flaw arises from improper handling of the admin_id argument, allowing attackers to execute arbitrary SQL queries on the database remotely. This vulnerability has been publicly disclosed, raising concerns for the security of systems utilizing this software. Admins of affected installations are advised to implement patches or workarounds to mitigate potential exploits effectively.

Affected Version(s)

Simple Membership System 1.0

References

https://vuldb.com/?id.239254
vdb-entrytechnical-description
https://vuldb.com/?ctiid.239254
signaturepermissions-required
https://github.com/BigBaos/MemShipVul/blob/main/Simple-Me...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

BigBaos (VulDB User)
.