SourceCodester Online Tours & Travels Management System 1.0 admin/page-login.php email sql injection

In SourceCodester Online Tours & Travels Management System 1.0 stata rilevata una vulnerabilità di livello critico. Da questa vulnerabilità è interessato una funzione sconosciuta del file admin/page-login.php. Attraverso la manipolazione del parametro email di un input sconosciuto per mezzo di una vulerabilità di classe sql injection. L'advisory è scaricabile da github.com. CVE-2023-0324 è identificato come punto debole. L'attacco si effettua con la rete. I dettagli tecnici sono conosciuti. È stato dichiarato come proof-of-concept. L'exploit è scaricabile da github.com. Una possibile soluzione è stata pubblicata già prima e non dopo la pubblicazione della vulnerabilità.

Campo16/01/2023 15:3908/02/2023 02:3508/02/2023 02:43
publicity111
urlhttps://github.com/linmoren/online-tours-travels-management-system/blob/main/adminpage-login-email.mdhttps://github.com/linmoren/online-tours-travels-management-system/blob/main/adminpage-login-email.mdhttps://github.com/linmoren/online-tours-travels-management-system/blob/main/adminpage-login-email.md
cveCVE-2023-0324CVE-2023-0324CVE-2023-0324
responsibleVulDBVulDBVulDB
date1673823600 (16/01/2023)1673823600 (16/01/2023)1673823600 (16/01/2023)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore6.46.46.4
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore6.66.66.6
cvss3_meta_basescore7.37.38.1
cvss3_meta_tempscore6.66.67.9
price_0day$0-$5k$0-$5k$0-$5k
vendorSourceCodesterSourceCodesterSourceCodester
nameOnline Tours & Travels Management SystemOnline Tours & Travels Management SystemOnline Tours & Travels Management System
version1.01.01.0
fileadmin/page-login.phpadmin/page-login.phpadmin/page-login.php
argumentemailemailemail
cwe89 (sql injection)89 (sql injection)89 (sql injection)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
urlhttps://github.com/linmoren/online-tours-travels-management-system/blob/main/adminpage-login-email.mdhttps://github.com/linmoren/online-tours-travels-management-system/blob/main/adminpage-login-email.mdhttps://github.com/linmoren/online-tours-travels-management-system/blob/main/adminpage-login-email.md
availability111
cve_assigned1673823600 (16/01/2023)1673823600 (16/01/2023)
cve_nvd_summaryA vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218426 is the identifier assigned to this vulnerability.A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218426 is the identifier assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore7.5
cvss3_nvd_basescore9.8
cvss3_cna_basescore7.3

PrecedenteVisione D'insiemeIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!