CVE-2023-3661

Name of the Vulnerable Software and Affected Versions SourceCodester AC Repair and Services System version 1.0

Description A critical issue has been found in the system, affecting an unknown part of the file /classes/Master.php?f=save inquiry. The manipulation of the id argument leads to sql injection, and it is possible to initiate the attack remotely.

Recommendations For version 1.0, consider disabling the save inquiry function in the Master.php file until a patch is available to prevent sql injection attacks. Restrict access to the /classes/Master.php?f=save inquiry endpoint to minimize the risk of exploitation. Avoid using the id argument in the affected endpoint until the issue is resolved.