Lucene search

MitreCVE-2023-27205

HistoryMar 09, 2023 - 9:15 p.m.

CVE-2023-27205

2023-03-0921:15:11

CWE-89

mitre

web.nvd.nist.gov

cve-2023-27205

sql injection

best pos management system 1.0

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.6%

JSON

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php.

Affected configurations

Nvd

Node

best_pos_management_system_projectbest_pos_management_systemMatch1.0

VendorProductVersionCPE
best_pos_management_system_projectbest_pos_management_system1.0cpe:2.3:a:best_pos_management_system_project:best_pos_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
best_pos_management_system_project	best_pos_management_system	1.0	cpe:2.3:a:best_pos_management_system_project:best_pos_management_system:1.0:::::::*

References

github.com/xiumulty/CVE/blob/main/best%20pos%20management%20system%20v1.0/sql%20in%20sales_report.php.md

www.sourcecodester.com/php/16127/best-pos-management-system-php.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2023-27205