SourceCodester Online Tours & Travels Management System 1.0 disapprove_user.php id sql injection

EntryHistoryDiffjsonxmlCTI

A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The CWE definition for the vulnerability is CWE-89. The weakness was released 01/27/2023. The advisory is shared at github.com. This vulnerability is known as CVE-2023-0532. The attack can be launched remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1505 for this issue. It is declared as proof-of-concept. It is possible to download the exploit at github.com. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

1	48

Field

vulnerability_cvss3_meta_tempscore	2
vulnerability_cvss3_cna_basescore	1
vulnerability_cvss3_nvd_basescore	1
vulnerability_cvss2_nvd_basescore	1
source_cve_cna	1

Commit Conf

90%	35
70%	25
50%	10

Approve Conf

90%	35
70%	25
80%	10

ID	Commited	User	Field	Change	Remarks	Accepted	Status	C
13722405	02/23/2023	VulD...	cvss3_cna_basescore	4.7	see CVSS documentation	02/23/2023	accepted	90
13722404	02/23/2023	VulD...	cvss3_nvd_basescore	4.7	nist.gov	02/23/2023	accepted	90
13722403	02/23/2023	VulD...	cvss2_nvd_basescore	5.8	nist.gov	02/23/2023	accepted	90
13722402	02/23/2023	VulD...	cvss3_meta_tempscore	4.6	see CVSS documentation	02/23/2023	accepted	90
13722401	02/23/2023	VulD...	cve_cna	VulDB	nvd.nist.gov	02/23/2023	accepted	70
13722400	02/23/2023	VulD...	cvss3_cna_a	L	nvd.nist.gov	02/23/2023	accepted	70
13722399	02/23/2023	VulD...	cvss3_cna_i	L	nvd.nist.gov	02/23/2023	accepted	70
13722398	02/23/2023	VulD...	cvss3_cna_c	L	nvd.nist.gov	02/23/2023	accepted	70
13722397	02/23/2023	VulD...	cvss3_cna_s	U	nvd.nist.gov	02/23/2023	accepted	70
13722396	02/23/2023	VulD...	cvss3_cna_ui	N	nvd.nist.gov	02/23/2023	accepted	70
13722395	02/23/2023	VulD...	cvss3_cna_pr	H	nvd.nist.gov	02/23/2023	accepted	70
13722394	02/23/2023	VulD...	cvss3_cna_ac	L	nvd.nist.gov	02/23/2023	accepted	70
13722393	02/23/2023	VulD...	cvss3_cna_av	N	nvd.nist.gov	02/23/2023	accepted	70
13722392	02/23/2023	VulD...	cvss2_nvd_ai	P	nvd.nist.gov	02/23/2023	accepted	70
13722391	02/23/2023	VulD...	cvss2_nvd_ii	P	nvd.nist.gov	02/23/2023	accepted	70
13722390	02/23/2023	VulD...	cvss2_nvd_ci	P	nvd.nist.gov	02/23/2023	accepted	70
13722389	02/23/2023	VulD...	cvss2_nvd_au	M	nvd.nist.gov	02/23/2023	accepted	70
13722388	02/23/2023	VulD...	cvss2_nvd_ac	L	nvd.nist.gov	02/23/2023	accepted	70
13722387	02/23/2023	VulD...	cvss2_nvd_av	N	nvd.nist.gov	02/23/2023	accepted	70
13722386	02/23/2023	VulD...	cvss3_nvd_a	L	nvd.nist.gov	02/23/2023	accepted	70

50 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 50 results.

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!