PT-2023-19421 · Sourcecodester · Sourcecodester Ac Repair/Services System

Yp1Oneer

Publicado

2023-04-29

Atualizado

2024-05-17

CVE-2023-2413

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester AC Repair and Services System version 1.0

Description A critical issue has been found in the system, affecting an unknown functionality of the file /admin/bookings/manage booking.php. The manipulation of the id argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For SourceCodester AC Repair and Services System version 1.0, consider restricting access to the /admin/bookings/manage booking.php file until a patch is available. As a temporary workaround, avoid using the id argument in the affected file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-2413

Produtos afetados

Sourcecodester Ac Repair/Services System

PT-2023-19421 · Sourcecodester · Sourcecodester Ac Repair/Services System

CVE-2023-2413

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6