PT-2023-32888 · Code Projects · Automated Voting System

Hamdi Sevben

Published

2023-12-28

Updated

2024-05-17

CVE-2023-7127

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Automated Voting System version 1.0

Description A critical vulnerability was found in the Login component of the Automated Voting System. The manipulation of the idno argument leads to SQL injection. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider disabling the Login component until a patch is available to prevent SQL injection attacks. Restrict access to the Login functionality to minimize the risk of exploitation. Avoid using the idno argument in the affected component until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-7127

Affected Products

Automated Voting System

PT-2023-32888 · Code Projects · Automated Voting System

CVE-2023-7127

Weakness Enumeration

Related Identifiers

Affected Products

References · 8