CVE-2023-1962

Name of the Vulnerable Software and Affected Versions SourceCodester Best Online News Portal version 1.0

Description A critical issue was found in the file /admin/forgot-password.php, specifically in the POST Parameter Handler component. The manipulation of the username argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For version 1.0, consider disabling the /admin/forgot-password.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the username argument in the affected POST parameter handler to minimize the risk of exploitation.