Required CVE Record Information
Description
A vulnerability was found in SourceCodester Online Internship Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/login.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228770 is the identifier assigned to this vulnerability.
CVSS 3 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 7.3 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 7.3 | HIGH | 3.0 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 7.5 | — | 2.0 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Credits
- HaolunSong (VulDB User) analyst
References 3 Total
- https://vuldb.com/?id.228770 vdb-entrytechnical-description
- https://vuldb.com/?ctiid.228770 signaturepermissions-required
- https://github.com/csbsong/bug_report/blob/main/SQLi-1.md exploit
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- https://vuldb.com/?id.228770 vdb-entrytechnical-descriptionx_transferred
- https://vuldb.com/?ctiid.228770 signaturepermissions-requiredx_transferred
- https://github.com/csbsong/bug_report/blob/main/SQLi-1.md exploitx_transferred