SourceCodester Canteen Management System 1.0 createCategories.php query categoriesStatus sql injection

A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file createCategories.php. The manipulation of the argument categoriesStatus leads to SQL injection. The problem is classified as CWE-89. The weakness was published on 03/17/2023. The advisory is available at blog.csdn.net. This vulnerability was named CVE-2023-1461. The attack can be initiated remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1505 by the MITRE ATT&CK project. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. A possible mitigation was published before, not after, the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

ID | Committed | User | Field | Change | Remarks | Accepted | Status | Conf
13941362 | 04/11/2023 | VulD... | cve_nvd_summary | A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file createCategories.php. The manipulation of the argument categoriesStatus leads to sql injection. The attack can be initiated remotely. VDB-223306 is the identifier assigned to this vulnerability. | cve.mitre.org | 04/11/2023 | accepted | 70
13941361 | 04/11/2023 | VulD... | cve_assigned | 1679007600 (03/17/2023) | cve.mitre.org | 04/11/2023 | accepted | 70
13821103 | 03/17/2023 | VulD... | price_0day | $0-$5k | see exploit price documentation | 03/17/2023 | accepted | 90
13821102 | 03/17/2023 | VulD... | cvss3_meta_tempscore | 5.8 | see CVSS documentation | 03/17/2023 | accepted | 90
13821101 | 03/17/2023 | VulD... | cvss3_meta_basescore | 6.3 | see CVSS documentation | 03/17/2023 | accepted | 90
13821100 | 03/17/2023 | VulD... | cvss3_vuldb_tempscore | 5.8 | see CVSS documentation | 03/17/2023 | accepted | 90
13821099 | 03/17/2023 | VulD... | cvss3_vuldb_basescore | 6.3 | see CVSS documentation | 03/17/2023 | accepted | 90
13821098 | 03/17/2023 | VulD... | cvss2_vuldb_tempscore | 5.9 | see CVSS documentation | 03/17/2023 | accepted | 90
13821097 | 03/17/2023 | VulD... | cvss2_vuldb_basescore | 6.5 | see CVSS documentation | 03/17/2023 | accepted | 90
13821096 | 03/17/2023 | VulD... | cvss3_vuldb_rl | X | derived from historical data | 03/17/2023 | accepted | 80
13821095 | 03/17/2023 | VulD... | cvss3_vuldb_e | X | derived from historical data | 03/17/2023 | accepted | 80
13821094 | 03/17/2023 | VulD... | cvss3_vuldb_pr | L | derived from historical data | 03/17/2023 | accepted | 80
13821093 | 03/17/2023 | VulD... | cvss2_vuldb_rl | ND | derived from historical data | 03/17/2023 | accepted | 80
13821092 | 03/17/2023 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 03/17/2023 | accepted | 80
13821091 | 03/17/2023 | VulD... | cvss2_vuldb_au | S | derived from historical data | 03/17/2023 | accepted | 80
13821090 | 03/17/2023 | VulD... | cvss2_vuldb_rc | UC | derived from vuldb v3 vector | 03/17/2023 | accepted | 80
13821089 | 03/17/2023 | VulD... | cvss2_vuldb_ai | P | derived from vuldb v3 vector | 03/17/2023 | accepted | 80
13821088 | 03/17/2023 | VulD... | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 03/17/2023 | accepted | 80
13821087 | 03/17/2023 | VulD... | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 03/17/2023 | accepted | 80
13821086 | 03/17/2023 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 03/17/2023 | accepted | 80

21 more entries are not shown
