CVE-2023-41594

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

D

airy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.

References

Link	Resource
https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594	Exploit
https://portswigger.net/web-security/sql-injection	Technical Description
https://www.acunetix.com/vulnerabilities/web/sql-injection/	Technical Description
https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594	Exploit
https://portswigger.net/web-security/sql-injection	Technical Description
https://www.acunetix.com/vulnerabilities/web/sql-injection/	Technical Description

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 08:21

Type	Values Removed	Values Added
References	~~() https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594 - Exploit~~	() https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594 - Exploit
References	~~() https://portswigger.net/web-security/sql-injection - Technical Description~~	() https://portswigger.net/web-security/sql-injection - Technical Description
References	~~() https://www.acunetix.com/vulnerabilities/web/sql-injection/ - Technical Description~~	() https://www.acunetix.com/vulnerabilities/web/sql-injection/ - Technical Description

Information

Published : 2023-09-08 03:15

Updated : 2024-11-21 08:21

NVD link : CVE-2023-41594

Mitre link : CVE-2023-41594

CVE.ORG link : CVE-2023-41594

JSON object : View

Products Affected

dairy_farm_shop_management_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-41594", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-08T03:15:08.997", "references": [{"url": "https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://portswigger.net/web-security/sql-injection", "tags": ["Technical Description"], "source": "[email protected]"}, {"url": "https://www.acunetix.com/vulnerabilities/web/sql-injection/", "tags": ["Technical Description"], "source": "[email protected]"}, {"url": "https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://portswigger.net/web-security/sql-injection", "tags": ["Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.acunetix.com/vulnerabilities/web/sql-injection/", "tags": ["Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters."}, {"lang": "es", "value": "Se ha descubierto que Dairy Farm Shop Management System Using PHP and MySQL v1.1 contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la funci\u00f3n de inicio de sesi\u00f3n a trav\u00e9s de los par\u00e1metros de nombre de usuario y contrase\u00f1a. "}], "lastModified": "2024-11-21T08:21:19.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1EC8290-03A2-4AC6-922B-B469FBB0E453"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}