PT-2023-1589 · Sourcecodester · Sourcecodester Medical Certificate Generator App

P1Nk

Publicado

2023-02-07

Atualizado

2024-05-17

CVE-2023-0706

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SourceCodester Medical Certificate Generator App version 1.0

Description A critical issue has been found in the manage record.php file of the SourceCodester Medical Certificate Generator App, related to the incorrect neutralization of special elements in output. The manipulation of the id argument leads to SQL injection. This issue can be exploited remotely, allowing an attacker to execute arbitrary SQL code.

Recommendations For version 1.0, consider disabling the manage record.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the id argument in the affected functionality to minimize the risk of exploitation.

Correção

Special Elements Injection

Improper Neutralization

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-707CWE-89

Identificadores relacionados

BDU:2023-01083

CVE-2023-0706

Produtos afetados

Sourcecodester Medical Certificate Generator App

PT-2023-1589 · Sourcecodester · Sourcecodester Medical Certificate Generator App

CVE-2023-0706

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6