Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0915

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGH

EPSS

0.4%

top 40.62%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sourcecodester Auto Dealer Management System Auto Dealer Management System Project Auto Dealer Management System

Timeline

PublishedFeb 19

Latest updateApr 6

Description

A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221490 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/auto_dealer_management_system1.0

▶NVDauto_dealer_management_system_project/auto_dealer_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-6mv2-r5fw-xvx7: A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1↗2023-02-19

▶

CVEList

SourceCodester Auto Dealer Management System sql injection↗2023-02-19

▶

💥Exploits & PoCs

Exploit-DB

Auto Dealer Management System v1.0 - SQL Injection on manage_user.php↗2023-04-06

▶