{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1461","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-03-17T07:51:58.625Z","datePublished":"2023-03-17T08:00:10.175Z","dateUpdated":"2024-08-02T05:49:11.454Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-02-13T07:48:51.144Z"},"title":"SourceCodester Canteen Management System createCategories.php query sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Canteen Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file createCategories.php. The manipulation of the argument categoriesStatus leads to sql injection. The attack can be initiated remotely. VDB-223306 is the identifier assigned to this vulnerability."},{"lang":"de","value":"In SourceCodester Canteen Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion query der Datei createCategories.php. Mittels Manipulieren des Arguments categoriesStatus mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-03-17T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-03-17T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-03-17T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-04-11T12:47:35.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"faith (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.223306","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.223306","tags":["signature","permissions-required"]},{"url":"https://blog.csdn.net/weixin_43864034/article/details/129622219","tags":["broken-link"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:49:11.454Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.223306","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.223306","tags":["signature","permissions-required","x_transferred"]},{"url":"https://blog.csdn.net/weixin_43864034/article/details/129622219","tags":["broken-link","x_transferred"]}]}]}}