code-projects Library Management System index.php sql injection
CVE-2023-7111

6.3MEDIUM

Key Information:

Vendor
Code-projects
Status
Library Management System
Vendor
CVE Published:
26 December 2023

Summary

A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability.

Affected Version(s)

Library Management System 2.0

References

https://vuldb.com/?id.249006
vdb-entrytechnical-description
https://vuldb.com/?ctiid.249006
signaturepermissions-required
https://github.com/h4md153v63n/CVEs/blob/main/Library-Man...
exploit

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hamdi Sevben (VulDB User)
.
CVE-2023-7111 : code-projects Library Management System index.php sql injection | SecurityVulnerability.io