CVE-2023-1455

CWE-89SQL Injection3 documents3 sources
Severity
8.1HIGH
EPSS
0.3%
top 48.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Online Pizza Ordering SystemOnline Pizza Ordering System Project Online Pizza Ordering System
Timeline
PublishedMar 17

Description

A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploi

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-vm76-j474-w5fr: A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 12023-03-17
CVEList
SourceCodester Online Pizza Ordering System Login Page sql injection2023-03-17
CVE-2023-1455 (HIGH CVSS 8.1) | A vulnerability classified as criti | cvebase.io