Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0912

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGH

EPSS

0.5%

top 32.37%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sourcecodester Auto Dealer Management System Auto Dealer Management System Project Auto Dealer Management System

Timeline

PublishedFeb 18

Latest updateApr 6

Description

A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/auto_dealer_management_system1.0

▶NVDauto_dealer_management_system_project/auto_dealer_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-3wxg-g674-g9ph: A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1↗2023-02-18

▶

CVEList

SourceCodester Auto Dealer Management System sql injection↗2023-02-18

▶

💥Exploits & PoCs

Exploit-DB

Auto Dealer Management System v1.0 - SQL Injection↗2023-04-06

▶