A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.
References
Link | Resource |
---|---|
https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp | Exploit |
https://vuldb.com/?ctiid.231151 | Third Party Advisory |
https://vuldb.com/?id.231151 | Third Party Advisory |
Configurations
History
25 Sep 2023, 16:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:* | |
First Time |
Oretnom23 lost And Found Information System
Oretnom23 |
15 Jun 2023, 22:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:lost_and_found_information_system_project:lost_and_found_information_system:1.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Lost And Found Information System Project lost And Found Information System
Lost And Found Information System Project |
|
References | (MISC) https://vuldb.com/?ctiid.231151 - Third Party Advisory | |
References | (MISC) https://github.com/AnotherN/cvv/blob/main/imgs/Lost%20and%20Found%20Information%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-admininquiriesview_inquiryphp - Exploit | |
References | (MISC) https://vuldb.com/?id.231151 - Third Party Advisory |
09 Jun 2023, 13:03
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-09 06:16
Updated : 2024-05-14 13:31
NVD link : CVE-2023-3177
Mitre link : CVE-2023-3177
CVE.ORG link : CVE-2023-3177
JSON object : View
Products Affected
oretnom23
- lost_and_found_information_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')