CVE-2023-2344

Name of the Vulnerable Software and Affected Versions SourceCodester Service Provider Management System version 1.0

Description A critical issue has been found in the HTTP POST Request Handler component, specifically in the /classes/Master.php?f=save service file. The manipulation of the name argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For SourceCodester Service Provider Management System version 1.0, consider disabling the save service functionality in the /classes/Master.php file until a patch is available. Restrict access to the Master.php file to minimize the risk of exploitation. Avoid using the name argument in the affected HTTP POST Request Handler endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.