PT-2023-30855 · Sourcecodester · Sourcecodester Simple Membership System

Back_Knight

Publicado

2023-09-09

Atualizado

2024-05-17

CVE-2023-4846

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Membership System version 1.0

Description A critical issue affects the processing of the file delete member.php. The manipulation of the mem id argument leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For SourceCodester Simple Membership System version 1.0, consider disabling the delete member.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the mem id argument in the affected file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-4846

Produtos afetados

Sourcecodester Simple Membership System

PT-2023-30855 · Sourcecodester · Sourcecodester Simple Membership System

CVE-2023-4846

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10