CRITICAL🇵🇱 Wersja polska

CVE-2023-51951

CVSS 9.8v3.1pub. 2024-02-05upd. 2026-02-06

SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.

🤖 AI Analysis
How it works

The vulnerability occurs in the 'id' parameter passed to the manage_bo.php file, which is not properly validated or sanitized before being used in an SQL query. An attacker can inject malicious SQL code over the network without needing any permissions or user interaction. Through a properly crafted SQL payload, it is possible to execute arbitrary code on the server (RCE).

Impact

An attacker can gain full control over the database and execute arbitrary code on the server, leading to violations of confidentiality, integrity, and availability of the entire system. Data theft, modification, or complete destruction is possible.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references. As a temporary measure, it is recommended to restrict network access to the application, implement firewall rules, and deploy a Web Application Firewall (WAF) blocking typical SQL Injection patterns.

Who is affected

Stock Management System version 1.0 (Stock Management System Project).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Stock Management System Project Stock Management System

    APP
    Stock Management System Project
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2024-36779CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Sourcecodester Stock Management System v1.0

CVE-2020-24197CRITICAL9.8ten sam produkt

A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to...

CVE-2022-4088HIGH7.3ten sam produkt

A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue...

CVE-2020-23830HIGH7.1ten sam produkt

A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management Sys...

CVE-2022-4089MEDIUM4.3ten sam produkt

A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnera...