CVE-2023-0964

Опубликовано: 22 фев. 2023

Источник: nvd

CVSS3: 5

CVSS3: 8.1

CVSS2: 4.6

EPSS Низкий

Описание

A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability.

Ссылки

https://vuldb.com/?ctiid.221634
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.221634
Third Party Advisory
VDB Entry
https://vuldb.com/?ctiid.221634
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.221634
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sales_tracker_management_system_project:sales_tracker_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

5 Medium

CVSS3

8.1 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-j32g-9hmr-9v63

CVSS3: 9.8

github

почти 3 года назад

A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability.

EPSS

Процентиль: 18%

0.00056

Низкий

5 Medium

CVSS3

8.1 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-89