A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp | Exploit |
https://vuldb.com/?ctiid.231150 | Third Party Advisory |
https://vuldb.com/?id.231150 | Third Party Advisory |
Configurations
History
25 Sep 2023, 16:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:* | |
First Time |
Oretnom23 lost And Found Information System
Oretnom23 |
15 Jun 2023, 22:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:* | |
First Time |
Lost And Found Information System Project lost And Found Information System
Lost And Found Information System Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://vuldb.com/?id.231150 - Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.231150 - Third Party Advisory | |
References | (MISC) https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#7sql-injection-vulnerability-in-adminusermanage_userphp - Exploit |
09 Jun 2023, 13:03
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-09 06:16
Updated : 2024-05-14 13:31
NVD link : CVE-2023-3176
Mitre link : CVE-2023-3176
CVE.ORG link : CVE-2023-3176
JSON object : View
Products Affected
oretnom23
- lost_and_found_information_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')