CVE-2023-2089

Name of the Vulnerable Software and Affected Versions SourceCodester Complaint Management System version 1.0

Description A critical issue affects the processing of the file /admin/userprofile.php, specifically the component GET Parameter Handler. The manipulation of the uid argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For SourceCodester Complaint Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/userprofile.php file until a patch is available. Avoid using the uid argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.