Best Online News Portal
CVE-2023-0784
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220644.
AnalysisAI
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220644. Affected products include: Mayurik Best Online News Portal.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Best Online News Portal
View allA vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Rated critical severity
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in sear
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admi
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescriptio
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "sadminusername" parameter in a
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" pa
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagedescription" parameter in
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "username" parameter in admin/c
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Rated medium severity (C
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Rated medium severi
A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Rated low severity (C
A vulnerability was found in SourceCodester Best Online News Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerab
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today