SourceCodester Gadget Works Online Ordering System 1.0 POST Parameter login.php user_email sql injection

A vulnerability classified as critical was found in SourceCodester Gadget Works Online Ordering System 1.0. An unknown function of the file /philosophy/admin/login.php of the component POST Parameter Handler is affected. Manipulation of the parameter user_email with unknown input leads to a SQL injection (CWE-89). The advisory can be downloaded from github.com. The vulnerability is identified as CVE-2023-1358. The attack can be carried out over the network. Technical details are known. It was declared as proof-of-concept. The exploit can be downloaded from github.com. A possible solution has been published even before and not after the publication of the vulnerability.

Two points from the scoring data below matter in practice. First, the assessments disagree: VulDB, which is also the CNA, rates the flaw 6.3 on CVSS v3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), while NVD rates it 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). If, as its name suggests, admin/login.php is reachable before authentication, an injection in its user_email handling needs no credentials and NVD's PR:N is the appropriate value; the record does not say which assessment is correct. Second, despite the last sentence above, the record's remediation level is "not defined" (cvss2 rl ND, cvss3 rl X) and no patch reference is listed, only the advisory and proof-of-concept on github.com, so deployments should be treated as unpatched and the standard fix for CWE-89 applied: bind user_email and the password as query parameters instead of concatenating them into SQL text.
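The following is an added example and not code from Gadget Works Online Ordering System or from the advisory; the application is written in PHP/MySQL and its source is not on this page, so the example uses Python with an in-memory sqlite3 database to reproduce the vulnerability class instead. The table `admin`, its columns, the stored credentials and the payload are all constructed for the demo. It shows a login handler that splices the POST field user_email into the SQL text (the CWE-89 pattern the record describes) next to the parameterized version, and runs the same crafted user_email value against both.

```python
import sqlite3

# Constructed schema and credentials; the real application's tables are not on the page.
ADMIN_EMAIL = "admin@example.com"
ADMIN_PASSWORD = "S3cret!"  # plaintext only to keep the demo short; real code stores a hash

# Crafted user_email value. The closing quote supplied by the query template balances the
# payload's last quote, and the extra OR keeps the AND on user_password from mattering
# ('' OR 1=1 OR ('1'='1' AND user_password='...')). A trailing SQL comment is the other
# common way to neutralise the rest of the template.
PAYLOAD = "' OR 1=1 OR '1'='1"


def make_db():
    """Create the demo database with a single admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE admin ("
        "id INTEGER PRIMARY KEY, user_email TEXT NOT NULL, user_password TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO admin (user_email, user_password) VALUES (?, ?)",
        (ADMIN_EMAIL, ADMIN_PASSWORD),
    )
    conn.commit()
    return conn


def build_vulnerable_sql(user_email, user_password):
    """String concatenation: the user_email value becomes part of the SQL text (CWE-89)."""
    return (
        "SELECT id FROM admin WHERE user_email = '" + user_email
        + "' AND user_password = '" + user_password + "'"
    )


def login_vulnerable(conn, user_email, user_password):
    """Authenticate with the concatenated query; returns True when a row matches."""
    return conn.execute(build_vulnerable_sql(user_email, user_password)).fetchone() is not None


def login_fixed(conn, user_email, user_password):
    """Authenticate with bound parameters; the values are never parsed as SQL."""
    sql = "SELECT id FROM admin WHERE user_email = ? AND user_password = ?"
    return conn.execute(sql, (user_email, user_password)).fetchone() is not None


def demo():
    """Run both handlers against the payload and against a normal login."""
    conn = make_db()
    return {
        "vulnerable_with_payload": login_vulnerable(conn, PAYLOAD, "wrong"),
        "fixed_with_payload": login_fixed(conn, PAYLOAD, "wrong"),
        "fixed_valid_login": login_fixed(conn, ADMIN_EMAIL, ADMIN_PASSWORD),
        "fixed_wrong_password": login_fixed(conn, ADMIN_EMAIL, "wrong"),
    }


if __name__ == "__main__":
    print(build_vulnerable_sql(PAYLOAD, "wrong"))
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the payload in user_email and a wrong password, the concatenated query returns the admin row and the vulnerable handler reports a successful login, while the parameterized handler rejects it and still accepts the genuine credentials. Note that the textbook `' OR '1'='1` on its own would not bypass this particular template, because AND binds tighter than OR and the password check would still have to pass.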

Entry history. The source lists each field with one value per revision of the entry (three snapshots). Fields listed with fewer than three values are placed under the latest revisions here; that matches the meta score rising to 7.5 only in the last column, once the NVD score of 9.8 was added.

| Field | 2023-03-12 08:18 | 2023-04-04 14:25 | 2023-04-04 14:29 |
|---|---|---|---|
| vendor | SourceCodester | SourceCodester | SourceCodester |
| name | Gadget Works Online Ordering System | Gadget Works Online Ordering System | Gadget Works Online Ordering System |
| version | 1.0 | 1.0 | 1.0 |
| component | POST Parameter Handler | POST Parameter Handler | POST Parameter Handler |
| file | /philosophy/admin/login.php | /philosophy/admin/login.php | /philosophy/admin/login.php |
| argument | user_email | user_email | user_email |
| cwe | 89 (sql injection) | 89 (sql injection) | 89 (sql injection) |
| risk | 2 | 2 | 2 |
| responsible | VulDB | VulDB | VulDB |
| date | 1678575600 (2023-03-12) | 1678575600 (2023-03-12) | 1678575600 (2023-03-12) |
| cve | CVE-2023-1358 | CVE-2023-1358 | CVE-2023-1358 |
| cve_assigned | | 1678575600 (2023-03-12) | 1678575600 (2023-03-12) |
| cve_cna | | | VulDB |
| cve_nvd_summary | | see NVD summary below | see NVD summary below |
| url (advisory) | https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/SQLi-1.md | https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/SQLi-1.md | https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/SQLi-1.md |
| url (exploit) | https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/SQLi-1.md | https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/SQLi-1.md | https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/SQLi-1.md |
| availability | 1 | 1 | 1 |
| publicity | 1 | 1 | 1 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_e | P | P | P |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | R | R | R |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 6.3 | 7.5 |
| cvss3_meta_tempscore | 5.7 | 5.7 | 7.3 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_e | POC | POC | POC |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | UR | UR | UR |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 | 5.6 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss3_nvd_basescore | | | 9.8 |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | S |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
| cvss2_nvd_basescore | | | 6.5 |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | L |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | L |
| cvss3_cna_i | | | L |
| cvss3_cna_a | | | L |
| cvss3_cna_basescore | | | 6.3 |

NVD summary (cve_nvd_summary): A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability.

Abbreviations (standard CVSS metric values): av N = Network; ac L = Low; pr N/L = None/Low privileges required; ui N = no user interaction; s U = scope Unchanged; c/i/a L/H = Low/High impact (CVSS v3), ci/ii/ai P = Partial impact (CVSS v2); au S = Single authentication (CVSS v2); e P/POC = exploit code maturity Proof-of-concept; rl X/ND = remediation level Not defined; rc R = Reasonable, UR = Uncorroborated. The VulDB v3 vector is therefore AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (6.3; temporal E:P/RL:X/RC:R gives 5.7), the NVD v3 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8), and the v2 vector used by both AV:N/AC:L/Au:S/C:P/I:P/A:P (6.5; temporal E:POC/RL:ND/RC:UR gives 5.6). The meta base score of 7.5 in the last revision is the average of the VulDB, NVD and CNA v3 base scores (6.3, 9.8, 6.3).
