exploitDog

CVE-2023-37068

Опубликовано: 09 авг. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

Ссылки

https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37068-Exploit.md
Exploit
Third Party Advisory
https://github.com/riteshs4hu/My-CVE/blob/main/CVE-2023-37068-Exploit.md
https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37068-Exploit.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sherlock:gym_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00269

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-5v64-89vr-vpwr

CVSS3: 9.8

github

больше 2 лет назад

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

EPSS

Процентиль: 50%

0.00269

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89