SourceCodester Contact Manager App add.php sql injection
CVE-2023-4872

6.3MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Contact Manager App
Vendor
CVE Published:
10 September 2023

What is CVE-2023-4872?

A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239357 was assigned to this vulnerability.

Affected Version(s)

Contact Manager App 1.0

References

https://vuldb.com/?id.239357
vdb-entrytechnical-description
https://vuldb.com/?ctiid.239357
signaturepermissions-required
https://skypoc.wordpress.com/2023/09/05/vuln1/
exploit

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

gikaku (VulDB User)
.