VDB-229279 · CVE-2023-2773 · GCVE-100-229279

code-projects Bus Dispatch and Information System 1.0 view_admin.php adminid SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu code-projects Bus Dispatch and Information System 1.0 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii view_admin.php keessa. Dhugumatti jijjiirraa irratti raawwatame adminid gara SQL ଇଞ୍ଜେକ୍ସନ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-89 si geessa. Beekumsi kun yeroo 05/17/2023 ifoomsifameera. Odeeffannoon kun buufachuuf gitee.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2023-2773 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana gitee.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 44 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 05/17/2023 07:03 PM	ଅଦ୍ୟତନ 1/1 06/10/2023 11:50 AM
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://gitee.com/zyz0103/system-vul/blob/master/Bus%20Dispatch%20and%20Information%20System%20in%20adminid%20has%20Sql%20injection%20vulnerabilities.pdf	https://gitee.com/zyz0103/system-vul/blob/master/Bus%20Dispatch%20and%20Information%20System%20in%20adminid%20has%20Sql%20injection%20vulnerabilities.pdf
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://gitee.com/zyz0103/system-vul/blob/master/Bus%20Dispatch%20and%20Information%20System%20in%20adminid%20has%20Sql%20injection%20vulnerabilities.pdf	https://gitee.com/zyz0103/system-vul/blob/master/Bus%20Dispatch%20and%20Information%20System%20in%20adminid%20has%20Sql%20injection%20vulnerabilities.pdf
source_cve	CVE-2023-2773	CVE-2023-2773
cna_responsible	VulDB	VulDB
advisory_date	1684274400 (05/17/2023)	1684274400 (05/17/2023)
software_type	Project Management Software	Project Management Software
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss2_vuldb_basescore	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7
cvss3_meta_basescore	6.3	6.3
cvss3_meta_tempscore	5.7	5.7
price_0day	$0-$5k	$0-$5k
software_vendor	code-projects	code-projects
software_name	Bus Dispatch and Information System	Bus Dispatch and Information System
software_version	1.0	1.0
software_file	view_admin.php	view_admin.php
software_argument	adminid	adminid
cve_assigned		1684274400 (05/17/2023)
cve_nvd_summary		A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!