SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection
CVE-2023-7155

8.8HIGH

Key Information:

Vendor

SourceCodester
Status
Free and Open Source Inventory Management System
Vendor
CVE Published:
29 December 2023

What is CVE-2023-7155?

A SQL injection vulnerability exists in the SourceCodester Free and Open Source Inventory Management System 1.0. This vulnerability is triggered by manipulating the 'id' argument in the edit_product.php file. A successful exploit allows an attacker to execute arbitrary SQL statements, potentially compromising the integrity of the database. The vulnerability can be exploited remotely, making it a significant concern for users of the affected software. It's crucial for organizations using this software to apply security measures to mitigate the risk.

Affected Version(s)

Free and Open Source Inventory Management System 1.0

References

https://vuldb.com/?id.249177
vdb-entrytechnical-description
https://vuldb.com/?ctiid.249177
signaturepermissions-required
https://medium.com/@heishou/inventory-management-system-s...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

heishou (VulDB User)
.
CVE-2023-7155 : SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection