SQL Injection Vulnerability in Simple Admin Panel App by Burak Sevben
CVE-2024-25223

9.8CRITICAL

Key Information:

Vendor: Code-projects
Status: Simple Admin Panel
Vendor: CVE Published:; 14 February 2024

Summary

The Simple Admin Panel App version 1.0 is susceptible to a SQL injection vulnerability, which can be exploited through manipulating the orderID parameter in the request to /adminView/viewEachOrder.php. This flaw may allow attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to the database and exposure of sensitive information. Proper input validation and sanitization are recommended to mitigate this risk.

References

https://github.com/BurakSevben/CVEs/blob/main/Simple%20Ad...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Feb 7, 2024