PT-2023-32611 · Sourcecodester · Sourcecodester Loan Management System

Joinia

Publicado

2023-11-27

Atualizado

2024-05-17

CVE-2023-6311

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Loan Management System version 1.0

Description A critical issue affects the function delete ltype of the file delete ltype.php in the Loan Type Page component. The manipulation of the ltype id argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For SourceCodester Loan Management System version 1.0, consider disabling the delete ltype function in the delete ltype.php file until a patch is available to prevent SQL injection attacks. Restrict access to the Loan Type Page component to minimize the risk of exploitation. Avoid using the ltype id argument in the affected component until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-6311

Produtos afetados

Sourcecodester Loan Management System

PT-2023-32611 · Sourcecodester · Sourcecodester Loan Management System

CVE-2023-6311

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7