SourceCodester Sticky Notes App delete-note.php sql injection
CVE-2023-5792

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Sticky Notes App
Vendor
CVE Published:
26 October 2023

What is CVE-2023-5792?

The SourceCodester Sticky Notes App 1.0 contains a vulnerability in the file endpoint/delete-note.php, where improper validation of the 'note' argument permits SQL injection. This flaw enables attackers to manipulate database queries, potentially leading to unauthorized data access and further exploitation. The vulnerability can be triggered remotely, making it essential for users and administrators to secure their applications against this risk. For detailed technical analysis and exploit information, refer to the provided references.

Affected Version(s)

Sticky Notes App 1.0

References

https://vuldb.com/?id.243598
vdb-entrytechnical-description
https://vuldb.com/?ctiid.243598
signaturepermissions-required
https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20No...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yp1oneer (VulDB User)
.
CVE-2023-5792 : SourceCodester Sticky Notes App delete-note.php sql injection