CVE-2023-41594

Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594	Exploit
https://portswigger.net/web-security/sql-injection	Technical Description
https://www.acunetix.com/vulnerabilities/web/sql-injection/	Technical Description
https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594	Exploit
https://portswigger.net/web-security/sql-injection	Technical Description
https://www.acunetix.com/vulnerabilities/web/sql-injection/	Technical Description

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-08 03:15

Updated : 2024-11-21 08:21

NVD link : CVE-2023-41594

Mitre link : CVE-2023-41594

CVE.ORG link : CVE-2023-41594

JSON object : View

Products Affected

phpgurukul

dairy_farm_shop_management_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-41594", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-08T03:15:08.997", "references": [{"url": "https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://portswigger.net/web-security/sql-injection", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "https://www.acunetix.com/vulnerabilities/web/sql-injection/", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "https://github.com/MATRIXDEVIL/CVE/blob/main/CVE-2023-41594", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://portswigger.net/web-security/sql-injection", "tags": ["Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.acunetix.com/vulnerabilities/web/sql-injection/", "tags": ["Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters."}, {"lang": "es", "value": "Se ha descubierto que Dairy Farm Shop Management System Using PHP and MySQL v1.1 contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la funci\u00f3n de inicio de sesi\u00f3n a trav\u00e9s de los par\u00e1metros de nombre de usuario y contrase\u00f1a. "}], "lastModified": "2024-11-21T08:21:19.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1EC8290-03A2-4AC6-922B-B469FBB0E453"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}