PT-2023-26573 · Campcodes · Campcodes Beauty Salon Management System

Xiafine · Published 2023-07-24 · Updated 2024-05-17 · CVE-2023-3871

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Campcodes Beauty Salon Management System version 1.0

Description

A critical vulnerability has been found in the Campcodes Beauty Salon Management System. This issue affects the file /admin/edit category.php and is related to the manipulation of the id argument, leading to SQL injection. The attack can be initiated remotely.

Recommendations

For Campcodes Beauty Salon Management System version 1.0, consider disabling access to the /admin/edit category.php file until a patch is available. Restrict the manipulation of the id argument to minimize the risk of SQL injection.

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2023-3871

Affected products

Campcodes Beauty Salon Management System