CVE-2023-0903

CWE-89: SQL Injection | 4 documents | 4 sources
Severity: 8.8 HIGH
EPSS: 0.4% (top 41.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 18 | Latest update Apr 6

Description

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to SQL injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.6 | Impact: 3.4

🔴 Vulnerability Details (2)

CVEList: SourceCodester Employee Task Management System edit-task.php sql injection (2023-02-18)
GHSA: GHSA-fxwh-5m79-c73p: A vulnerability was found in SourceCodester Employee Task Management System 1 (2023-02-18)

💥 Exploits & PoCs (1)

Exploit-DB: Employee Task Management System v1.0 - SQL Injection on edit-task.php (2023-04-06)