SourceCodester Lost and Found Information System POST Parameter sql injection
CVE-2023-5018

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Lost and Found Information System
Vendor: CVE Published:; 17 September 2023

Summary

A vulnerability impacting SourceCodester's Lost and Found Information System 1.0 has been identified, originating from the POST Parameter Handler component, specifically in the Master.php file. The flaw allows an attacker to manipulate the 'id' parameter leading to SQL injection, which can be exploited remotely. This could potentially result in unauthorized access to the database, retrieval of sensitive data, or further compromise of the web application.

Affected Version(s)

Lost and Found Information System 1.0

References

https://vuldb.com/?id.239859

vdb-entrytechnical-description

https://vuldb.com/?ctiid.239859

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2023
Vulnerability Reserved
Sep 16, 2023

Credit

p1taya (VulDB User)