CVE-2023-33677

Name of the Vulnerable Software and Affected Versions Sourcecodester Lost and Found Information System version 1.0

Description The issue is related to unauthenticated SQL Injection. The vulnerability can be exploited at the API endpoint "?page=items/view&id=*". This allows for potential manipulation of database queries without proper authentication.

Recommendations For version 1.0, consider disabling access to the "?page=items/view&id=*" endpoint until a patch is available. Restricting user input for the id variable in this endpoint can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.