CVE-2023-1737

EUVD-2023-23959
A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-224625 was assigned to this vulnerability.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
7.3 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
young_entrepreneur_e-negosyo_system_projectyoung_entrepreneur_e-negosyo_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://vuldb.com/?ctiid.224625
https://vuldb.com/?id.224625
https://vuldb.com/?ctiid.224625
https://vuldb.com/?id.224625