PT-2023-23215 · Sourcecodester · Sourcecodester Service Provider Management System

Peanut886886

·

Publicado

2023-06-06

·

Atualizado

2024-05-17

·

CVE-2023-3119

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SourceCodester Service Provider Management System version 1.0
Description A critical issue has been found in the SourceCodester Service Provider Management System, affecting some unknown functionality of the file view.php. The manipulation of the id argument leads to SQL injection. The attack can be launched remotely.
Recommendations For SourceCodester Service Provider Management System version 1.0, consider restricting access to the view.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the id argument in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-3119

Produtos afetados

Sourcecodester Service Provider Management System