Description
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username field.
References
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/B%26E%20Tracker-by:oretnom23-v1.0 (Exploit, Third Party Advisory)
- https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html (Third Party Advisory)
Vulnerable configurations
Configuration 1
cpe:2.3:a:oretnom23:budget_and_expense_tracker_system:1.0:*:*:*:*:*:*:*
EPSS
Percentile: 92%
0.07821
Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 9.8
github
about 4 years ago
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23 allows attackers to execute arbitrary SQL commands via the username field.