{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1735","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-03-30T18:51:34.293Z","datePublished":"2023-03-30T19:31:02.774Z","dateUpdated":"2025-02-11T18:47:45.627Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-21T14:01:25.673Z"},"title":"SourceCodester Young Entrepreneur E-Negosyo System passwordrecover.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Young Entrepreneur E-Negosyo System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this vulnerability is an unknown functionality of the file passwordrecover.php. The manipulation of the argument phonenumber leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-224623."},{"lang":"de","value":"In SourceCodester Young Entrepreneur E-Negosyo System 1.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei passwordrecover.php. Durch die Manipulation des Arguments phonenumber mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-03-30T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-03-30T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-03-30T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-04-20T14:41:55.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"WWesleywww (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.224623","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.224623","tags":["signature"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:57:25.202Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.224623","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.224623","tags":["signature","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-11T18:46:54.776516Z","id":"CVE-2023-1735","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-11T18:47:45.627Z"}}]}}