Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0913

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGH

EPSS

0.5%

top 32.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sourcecodester Auto Dealer Management System Auto Dealer Management System Project Auto Dealer Management System

Timeline

PublishedFeb 18

Latest updateApr 6

Description

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/auto_dealer_management_system1.0

▶NVDauto_dealer_management_system_project/auto_dealer_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Auto Dealer Management System sql injection↗2023-02-18

▶

GHSA

GHSA-864v-8g4x-h48f: A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1↗2023-02-18

▶

💥Exploits & PoCs

Exploit-DB

Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php↗2023-04-06

▶