fkie_cve-2023-41594
Vulnerability from fkie_nvd
Published
2023-09-08 03:15
Modified
2024-11-21 08:21
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.
References
cve@mitre.orghttps://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594Exploit
cve@mitre.orghttps://portswigger.net/web-security/sql-injectionTechnical Description
cve@mitre.orghttps://www.acunetix.com/vulnerabilities/web/sql-injection/Technical Description
af854a3a-2127-422b-91ae-364da2661108https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594Exploit
af854a3a-2127-422b-91ae-364da2661108https://portswigger.net/web-security/sql-injectionTechnical Description
af854a3a-2127-422b-91ae-364da2661108https://www.acunetix.com/vulnerabilities/web/sql-injection/Technical Description
Impacted products
Vendor Product Version
phpgurukul dairy_farm_shop_management_system 1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1EC8290-03A2-4AC6-922B-B469FBB0E453",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que Dairy Farm Shop Management System Using PHP and MySQL v1.1 contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la funci\u00f3n de inicio de sesi\u00f3n a trav\u00e9s de los par\u00e1metros de nombre de usuario y contrase\u00f1a. "
    }
  ],
  "id": "CVE-2023-41594",
  "lastModified": "2024-11-21T08:21:19.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-08T03:15:08.997",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description"
      ],
      "url": "https://portswigger.net/web-security/sql-injection"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description"
      ],
      "url": "https://www.acunetix.com/vulnerabilities/web/sql-injection/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "https://portswigger.net/web-security/sql-injection"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "https://www.acunetix.com/vulnerabilities/web/sql-injection/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.