CVE-2023-1352

Name of the Vulnerable Software and Affected Versions SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System version 1.0

Description A critical issue has been found in the system, affecting the processing of the file /admin/login.php. The manipulation of the arguments txtusername and txtpassword leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high, and the exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider disabling the login functionality in /admin/login.php until a patch is available. Restrict access to the txtusername and txtpassword arguments to minimize the risk of exploitation. As a temporary workaround, avoid using the /admin/login.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.