PT-2024-12223 · Unknown · Oretnom23 Judging Management System

Published: 2024-01-12 · Updated: 2024-01-18 · CVE-2023-30015

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: oretnom23 Judging Management System version 1.0

Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the txtsearch parameter in the "review search.php" endpoint.

Recommendations: For oretnom23 Judging Management System version 1.0, consider restricting access to the review search.php endpoint until a patch is available, and avoid using the txtsearch parameter to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2023-30015

Affected Products: Oretnom23 Judging Management System