CVE-2023-0332

Опубликовано: 17 янв. 2023

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472.

Ссылки

https://github.com/qyhmsys/cve-list/blob/master/Online%20Food%20Ordering%20System%20manage_user.php%20has%20SQLinject.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.218472
Third Party Advisory
VDB Entry
https://vuldb.com/?id.218472
Permissions Required
Third Party Advisory
VDB Entry
https://github.com/qyhmsys/cve-list/blob/master/Online%20Food%20Ordering%20System%20manage_user.php%20has%20SQLinject.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.218472
Third Party Advisory
VDB Entry
https://vuldb.com/?id.218472
Permissions Required
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:online_food_ordering_system_project:online_food_ordering_system:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00298

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-hv4h-fc69-69wr

CVSS3: 9.8

github

около 3 лет назад

EPSS

Процентиль: 53%

0.00298

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89