SourceCodester Food Ordering Management System 1.0 Registration username sql injection

EntryHistoryjsonxmlCTI

A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the component Registration. The manipulation of the argument username leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was released 05/09/2023. This vulnerability is traded as CVE-2023-2594. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1505. It is declared as proof-of-concept. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	05/09/2023 14:18	06/01/2023 07:54	06/01/2023 08:00
vendor	SourceCodester	SourceCodester	SourceCodester
name	Food Ordering Management System	Food Ordering Management System	Food Ordering Management System
version	1.0	1.0	1.0
component	Registration	Registration	Registration
argument	username	username	username
cwe	89 (sql injection)	89 (sql injection)	89 (sql injection)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
availability	1	1	1
cve	CVE-2023-2594	CVE-2023-2594	CVE-2023-2594
responsible	VulDB	VulDB	VulDB
date	1683583200 (05/09/2023)	1683583200 (05/09/2023)	1683583200 (05/09/2023)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	8.1
cvss3_meta_tempscore	6.6	6.6	7.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1683583200 (05/09/2023)	1683583200 (05/09/2023)
cve_nvd_summary		A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the component Registration. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228396.	A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the component Registration. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228396.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			N
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			7.5
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			7.3

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!