SourceCodester Contact Manager App delete.php sql injection
CVE-2023-4871

6.3MEDIUM

Key Information:

Vendor
Sourcecodester
Status
Contact Manager App
Vendor
CVE Published:
10 September 2023

Summary

A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/contactName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239356.

Affected Version(s)

Contact Manager App 1.0

References

https://vuldb.com/?id.239356
vdb-entrytechnical-description
https://vuldb.com/?ctiid.239356
signaturepermissions-required
https://skypoc.wordpress.com/2023/09/05/vuln1/
exploit

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.