SourceCodester User Registration and Login System add-user.php sql injection
CVE-2023-6464

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 2 December 2023

What is CVE-2023-6464?

A SQL injection vulnerability has been discovered in SourceCodester User Registration and Login System version 1.0. The flaw resides in the /endpoint/add-user.php file, where improper handling of the 'user' argument could allow an attacker to manipulate SQL queries. A remote attacker can thereby execute unauthorized SQL commands, potentially compromising the application's database. The vulnerability has been publicly disclosed, raising concerns about potential exploitation by malicious actors. Users are strongly advised to verify their applications and apply the necessary patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

User Registration and Login System 1.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

hlhyp (VulDB User)