SourceCodester Free and Open Source Inventory Management System member_data.php sql injection
CVE-2023-6306
9.8CRITICAL
Key Information:
- Vendor
SourceCodester
- Vendor
- CVE Published:
- 27 November 2023
What is CVE-2023-6306?
A security vulnerability has been identified in the SourceCodester Free and Open Source Inventory Management System that allows for SQL injection through manipulation of the 'columns' argument in the 'member_data.php' file. This flaw can be exploited remotely by attackers, potentially leading to unauthorized access to sensitive data stored in the database. Public knowledge of this exploit heightens the risk of attacks, necessitating immediate attention from users to safeguard their systems.
Affected Version(s)
Free and Open Source Inventory Management System 1.0