PT-2023-28165 · Sourcecodester · Resort Reservation System

Yesec

Publicado

2023-08-06

Atualizado

2024-05-17

CVE-2023-4192

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Resort Reservation System version 1.0

Description A critical issue was found in the manage user.php file, where the manipulation of the id argument leads to sql injection. This can be initiated remotely. The issue has been publicly disclosed and may be exploited.

Recommendations For version 1.0, consider disabling the id argument in the manage user.php file as a temporary workaround until a patch is available. Restrict access to the manage user.php file to minimize the risk of exploitation. Avoid using the id argument in the affected file until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-4192

Produtos afetados

Resort Reservation System

PT-2023-28165 · Sourcecodester · Resort Reservation System

CVE-2023-4192

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7