{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1962","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-04-08T06:30:20.027Z","datePublished":"2023-04-09T08:00:05.147Z","dateUpdated":"2024-11-22T16:19:36.845Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-22T09:25:42.770Z"},"title":"SourceCodester Best Online News Portal POST Parameter forgot-password.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Best Online News Portal","versions":[{"version":"1.0","status":"affected"}],"modules":["POST Parameter Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225361 was assigned to this vulnerability."},{"lang":"de","value":"In SourceCodester Best Online News Portal 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Datei /admin/forgot-password.php der Komponente POST Parameter Handler. Durch Manipulation des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-04-08T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-04-09T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-04-09T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-04-26T12:26:01.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"PEOIzEve (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.225361","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.225361","tags":["signature","permissions-required"]},{"url":"https://github.com/PEOIzEve/bug_report/blob/main/SQLi-1.md","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:05:27.082Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.225361","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.225361","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/PEOIzEve/bug_report/blob/main/SQLi-1.md","tags":["exploit","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-22T16:19:29.951189Z","id":"CVE-2023-1962","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-22T16:19:36.845Z"}}]}}