Lost And Found Information System
CVE-2023-33677
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
AnalysisAI
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". Affected products include: Oretnom23 Lost And Found Information System. Version information: Version 1.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save U
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lf
A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Rated critical
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Rated cri
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), t
A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Rated crit
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Rated critical
A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Rated cri
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Rated
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today