Lucene search

[email protected]NVD:CVE-2023-27205

HistoryMar 09, 2023 - 9:15 p.m.

CVE-2023-27205

2023-03-0921:15:11

CWE-89

[email protected]

web.nvd.nist.gov

pos management system

sql injection

month parameter

sales report

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.6%

JSON

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php.

Affected configurations

Nvd

Node

best_pos_management_system_projectbest_pos_management_systemMatch1.0

VendorProductVersionCPE
best_pos_management_system_projectbest_pos_management_system1.0cpe:2.3:a:best_pos_management_system_project:best_pos_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
best_pos_management_system_project	best_pos_management_system	1.0	cpe:2.3:a:best_pos_management_system_project:best_pos_management_system:1.0:::::::*

References

github.com/xiumulty/CVE/blob/main/best%20pos%20management%20system%20v1.0/sql%20in%20sales_report.php.md

www.sourcecodester.com/php/16127/best-pos-management-system-php.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.6%

JSON

Related for NVD:CVE-2023-27205

cvelist1 cve1 prion1