PT-2023-31521 · Sourcecodester · Simple Membership System

Harveylang

Publicado

2023-09-17

Atualizado

2024-05-17

CVE-2023-5027

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Membership System version 1.0

Description A critical issue was found in the Simple Membership System, affecting an unknown functionality of the file club validator.php. The manipulation of the club argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For version 1.0, as a temporary workaround, consider restricting access to the club validator.php file until a patch is available. Avoid using the club argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-5027

Produtos afetados

Simple Membership System

PT-2023-31521 · Sourcecodester · Simple Membership System

CVE-2023-5027

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5