CVE-2023-2653
published 2023-05-11
Priority P350 | critical | 9.8 (CVSS 3.1)
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EPSS: 0.73% (49.5th percentile)
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 5.10.190 | 5.10.190 |
| linux | linux_kernel | >= 5.11.0 < 5.15.124 | 5.15.124 |
| linux | linux_kernel | >= 5.16.0 < 6.1.43 | 6.1.43 |
| linux | linux_kernel | >= 5.18.0 < 6.4.8 | 6.4.8 |
| oretnom23 | lost_and_found_information_system | — | — |
| sourcecodester | lost_and_found_information_system | — | — |
CVSS provenance
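| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |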
OSV
tty: n_gsm: fix UAF in gsm_cleanup_mux
osv·2025-12-09
CVE-2023-53805 tty: n_gsm: fix UAF in gsm_cleanup_mux
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix UAF in gsm_cleanup_mux
In gsm_cleanup_mux() the 'gsm->dlci' pointer was not cleaned properly,
leaving it a dangling pointer after gsm_dlci_release.
This leads to use-after-free where 'gsm->dlci[0]' are freed and accessed
by the subsequent gsm_cleanup_mux().
Such is the case in the following call trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
print_address_description+0x63/0x3b0 mm/kasan/report.c:248
__kasan_report mm/kasan/report.c:434 [inline]
kasan_report+0x16b/0x1c0 mm/kasan/report.c:451
gsm_cleanup_mux+0x76a/0x850 drivers/tty/n_gsm.c:2397
gsm_config drivers/tty/n_gsm.c:2653 [inline]
gsmld_ioctl+0xaae/0x15b0 dr
GHSA
GHSA-6qvw-859w-cwxx: A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1
ghsa_unreviewed·2023-05-11
CVE-2023-2653 [MEDIUM] CWE-89 GHSA-6qvw-859w-cwxx: A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md
https://vuldb.com/?ctiid.228781
https://vuldb.com/?id.228781
Published: 2023-05-11