CVE-2023-1589

🗓️ 23 Mar 2023 08:00:05Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 48 Views🌐 WEB

Vulnerability in SourceCodester Online Tours & Travels Management System 1.0 allows remote SQL injection via id parameter in admin/operations/approve_delete.php

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-1589	23 Mar 202311:36	–	circl
CNNVD	Online Tours & Travels Management System SQL注入漏洞	23 Mar 202300:00	–	cnnvd
Cvelist	CVE-2023-1589 SourceCodester Online Tours & Travels Management System approve_delete.php exec sql injection	23 Mar 202308:00	–	cvelist
EUVD	EUVD-2023-23821	3 Oct 202520:07	–	euvd
NVD	CVE-2023-1589	23 Mar 202308:15	–	nvd
Prion	Sql injection	23 Mar 202308:15	–	prion
Positive Technologies	PT-2023-17098 · Sourcecodester · Sourcecodester Online Tours & Travels Management System	23 Mar 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-1589	23 May 202503:00	–	redhatcve
Vulnrichment	CVE-2023-1589 SourceCodester Online Tours & Travels Management System approve_delete.php exec sql injection	23 Mar 202308:00	–	vulnrichment

NVD

Vulners

Node

online_tours_&_travels_management_system_project online_tours_&_travels_management_systemMatch1.0

[
  {
    "vendor": "SourceCodester",
    "product": "Online Tours & Travels Management System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
blog	www.blog.csdn.net/weixin_43864034/article/details/129729911
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
id	query param	admin/operations/approve_delete.php	SQL injection vulnerability in admin/operations/approve_delete.php via id parameter allowing remote attacker to manipulate SQL.	CWE-89

21 Nov 2024 07:39Current

8.2High risk

Vulners AI Score8.2

CVSS 3.16.3 - 9.8

CVSS 26.5

CVSS 36.3

EPSS0.00306

SSVC

CWE-89