SourceCodester Free and Open Source Inventory Management System member_data.php sql injection
CVE-2023-6306

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Free and Open Source Inventory Management System
Vendor
CVE Published:
27 November 2023

What is CVE-2023-6306?

A security vulnerability has been identified in the SourceCodester Free and Open Source Inventory Management System that allows for SQL injection through manipulation of the 'columns' argument in the 'member_data.php' file. This flaw can be exploited remotely by attackers, potentially leading to unauthorized access to sensitive data stored in the database. Public knowledge of this exploit heightens the risk of attacks, necessitating immediate attention from users to safeguard their systems.

Affected Version(s)

Free and Open Source Inventory Management System 1.0

References

https://vuldb.com/?id.246132
vdb-entrytechnical-description
https://vuldb.com/?ctiid.246132
signaturepermissions-required
https://github.com/BigTiger2020/2023/blob/main/Free%20and...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

fzh1613 (VulDB User)
.