PT-2023-16709 · Sourcecodester · Sourcecodester Online Graduate Tracer System

Kdyhuiji

Publicado

2023-02-26

Atualizado

2024-05-17

CVE-2023-1040

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Online Graduate Tracer System version 1.0

Description A critical issue has been found in the SourceCodester Online Graduate Tracer System, affecting some unknown functionality of the file tracking/admin/add acc.php. The manipulation of the id argument leads to SQL injection. The attack can be launched remotely.

Recommendations For SourceCodester Online Graduate Tracer System version 1.0, consider disabling the add acc.php file in the tracking/admin directory until a patch is available to prevent SQL injection attacks. Restrict access to the id argument in the affected file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-1040

Produtos afetados

Sourcecodester Online Graduate Tracer System

PT-2023-16709 · Sourcecodester · Sourcecodester Online Graduate Tracer System

CVE-2023-1040

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6