CVE-2023-1379

A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file addmem.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223127.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.223127	Third Party Advisory
https://github.com/AureliusLia/bug_report/blob/main/vendors/Skynidnine/Friendly%20Island%20Pizza%20Website%20and%20Ordering%20System/SQLi-1.md	Exploit Vendor Advisory
https://vuldb.com/?ctiid.223127	Permissions Required Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:friendly_island_pizza_website_and_ordering_system_project:friendly_island_pizza_website_and_ordering_system:1.0:*:*:*:*:*:*:*

Information

Published : 2023-03-15 09:15

Updated : 2023-03-20 13:35

NVD link : CVE-2023-1379

Mitre link : CVE-2023-1379

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

Products Affected

friendly_island_pizza_website_and_ordering_system_project

friendly_island_pizza_website_and_ordering_system

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://vuldb.com/?id.223127", "name": "https://vuldb.com/?id.223127", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/AureliusLia/bug_report/blob/main/vendors/Skynidnine/Friendly%20Island%20Pizza%20Website%20and%20Ordering%20System/SQLi-1.md", "name": "https://github.com/AureliusLia/bug_report/blob/main/vendors/Skynidnine/Friendly%20Island%20Pizza%20Website%20and%20Ordering%20System/SQLi-1.md", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.223127", "name": "https://vuldb.com/?ctiid.223127", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file addmem.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223127."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-1379", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-03-15T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:friendly_island_pizza_website_and_ordering_system_project:friendly_island_pizza_website_and_ordering_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-20T20:35Z"}