PT-2022-20082 · Unknown · Sourcecodester Simple Social Networking Site

K0Xx

Published

2022-05-13

Updated

2022-05-23

CVE-2022-30378

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sourcecodester Simple Social Networking Site version 1.0

Description The issue allows for SQL Injection via the "/sns/admin/?page=posts/view post&id=" API endpoint, specifically targeting the id variable. This could potentially lead to unauthorized access to sensitive data.

Recommendations For Sourcecodester Simple Social Networking Site version 1.0, consider restricting access to the "/sns/admin/?page=posts/view post&id=" API endpoint until a patch is available. As a temporary workaround, avoid using the id variable in this endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-30378

Affected Products

Sourcecodester Simple Social Networking Site

PT-2022-20082 · Unknown · Sourcecodester Simple Social Networking Site

CVE-2022-30378

Weakness Enumeration

Related Identifiers

Affected Products

References · 3