PT-2023-16615 · Sourcecodester · Sourcecodester Auto Dealer Management System

Navaidansari

Publicado

2023-02-18

Atualizado

2024-05-17

CVE-2023-0913

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Auto Dealer Management System version 1.0

Description A critical issue was found in the SourceCodester Auto Dealer Management System. This issue affects the file "/adms/admin/?page=vehicles/sell vehicle" and is related to the manipulation of the id argument, which leads to SQL injection. The attack can be initiated remotely.

Recommendations For SourceCodester Auto Dealer Management System version 1.0, consider restricting access to the "/adms/admin/?page=vehicles/sell vehicle" endpoint until a patch is available. As a temporary workaround, avoid using the id argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-0913

Produtos afetados

Sourcecodester Auto Dealer Management System

PT-2023-16615 · Sourcecodester · Sourcecodester Auto Dealer Management System

CVE-2023-0913

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7