code-projects Intern Membership Management System User Registration SQL injection
CVE-2023-7131
9.8 CRITICAL
What is CVE-2023-7131?
A vulnerability was detected in the Intern Membership Management System version 2.0, specifically within the User Registration component. The flaw allows SQL injection through manipulation of the 'userName' argument in the /user_registration/ file. When exploited, it could enable attackers to interfere with the software's database queries, potentially leading to unauthorized access to sensitive user data. The vulnerability has been publicly disclosed and is actively exploitable, so organizations using this system should urgently implement the necessary security measures to mitigate the risk.
Affected Version(s)
Intern Membership Management System 2.0
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hamdi Sevben (VulDB User)
