SourceCodester Visitor Management System manage_user.php sql injection
CVE-2023-5918

6.3MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Visitor Management System
Vendor
CVE Published:
2 November 2023

What is CVE-2023-5918?

A vulnerability exists in the SourceCodester Visitor Management System 1.0, specifically within the manage_user.php file. This issue arises from improper handling of input in the argument 'id', which allows for SQL injection attacks. Attackers could exploit this vulnerability remotely, potentially leading to unauthorized access to sensitive database information or manipulation of application data.

Affected Version(s)

Visitor Management System 1.0

References

https://vuldb.com/?id.244308
vdb-entrytechnical-description
https://vuldb.com/?ctiid.244308
signaturepermissions-required
https://github.com/Castle1984/CveRecord/blob/main/Sql_app...
related

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yuhangliu (VulDB User)
.
CVE-2023-5918 : SourceCodester Visitor Management System manage_user.php sql injection