CVE-2023-0964 — SQL Injection in Sales Tracker Management System

CWE-89 — SQL Injection3 documents3 sources

Severity

8.1HIGHNVD

CNA5.0

EPSS

0.2%

top 55.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Sales Tracker Management System Sales Tracker Management System Project Sales Tracker Management System

Timeline

PublishedFeb 22

Description

A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sourcecodester/sales_tracker_management_system1.0

▶NVDsales_tracker_management_system_project/sales_tracker_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Sales Tracker Management System view_product.php sql injection↗2023-02-22

▶

GHSA

GHSA-j32g-9hmr-9v63: A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1↗2023-02-22

▶