SourceCodester Loan Management System Loan Type Page delete_ltype.php delete_ltype SQL injection
CVE-2023-6311

7.2 HIGH

Key Information:

Vendor
CVE Published: 27 November 2023

Summary

A vulnerability in the SourceCodester Loan Management System version 1.0 allows for SQL injection via the delete_ltype function in delete_ltype.php, specifically through the ltype_id argument. This weakness can be exploited by attackers remotely. The public disclosure of this vulnerability raises significant concerns regarding potential unauthorized database access and the integrity of sensitive data. Users of the affected system are strongly advised to implement mitigations and monitor for any unusual activity.

Affected Version(s)

Loan Management System 1.0

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

joinia (VulDB User)