CVE-2023-50867

Description

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.

CVSS Version 3.1

fluidattacks
CVE ID: CVE-2023-50867
Base Score: 9.8
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9

fluid attacks
CVE ID: CVE-2023-50867
Base Score: 9.8
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Description​

Description