PHPGurukul Restaurant Table Booking System bwdates-report-details.php sql injection
CVE-2023-7100

9.8CRITICAL

Key Information:

Vendor
PHPGurukul
Status
Restaurant Table Booking System
Vendor
CVE Published:
25 December 2023

Summary

An SQL injection vulnerability has been identified within the PHPGurukul Restaurant Table Booking System version 1.0. This flaw resides in an unspecified function of the file /admin/bwdates-report-details.php. By manipulating the 'fdate' parameter, an attacker can execute SQL commands, potentially allowing unauthorized access to the database. This vulnerability can be exploited remotely, increasing its risk profile. Publicly disclosed exploits may be leveraged by malicious actors, targeting unpatched installations of the application.

Affected Version(s)

Restaurant Table Booking System 1.0

References

https://vuldb.com/?id.248952
vdb-entrytechnical-description
https://vuldb.com/?ctiid.248952
signaturepermissions-required
https://medium.com/@2839549219ljk/restaurant-table-bookin...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

heishou (VulDB User)
.