CVE-2023-37068

CRITICAL

9.8

Beschreibung

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht8/9/2023

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

sherlock:gym_management_system

Schwachen (CWE)

CWE-89

Referenzen

https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37068-Exploit.md(cve@mitre.org)

https://github.com/riteshs4hu/My-CVE/blob/main/CVE-2023-37068-Exploit.md(cve@mitre.org)

https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37068-Exploit.md(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.