CVE-2023-2090 — SQL Injection in Employee AND Visitor Gate Pass Logging System

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA6.3

EPSS

0.3%

top 49.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Employee AND Visitor Gate Pass Logging System Oretnom23 Employee AND Visitor Gate Pass Logging System

Timeline

PublishedApr 15

Description

A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sourcecodester/employee_and_visitor_gate_pass_logging_system1.0

▶NVDoretnom23/employee_and_visitor_gate_pass_logging_system1.0

🔴Vulnerability Details

GHSA

GHSA-rxrp-64fw-rfrv: A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1↗2023-04-15

▶

CVEList

SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection↗2023-04-15

▶