PT-2023-29575 · Sourcecodester · Sourcecodester Online Graduate Tracer System

Trutle965

Publicado

2023-08-26

Atualizado

2024-05-17

CVE-2023-4556

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Online Graduate Tracer System version 1.0

Description A critical issue was found, affecting the mysqli query function of the file sexit.php. The manipulation of the id argument leads to SQL injection. The attack can be launched remotely.

Recommendations For SourceCodester Online Graduate Tracer System version 1.0, as a temporary workaround, consider disabling the mysqli query function in the sexit.php file until a patch is available. Restrict access to the sexit.php file to minimize the risk of exploitation. Avoid using the id argument in the affected function until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-4556

Produtos afetados

Sourcecodester Online Graduate Tracer System

PT-2023-29575 · Sourcecodester · Sourcecodester Online Graduate Tracer System

CVE-2023-4556

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10