Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-7131— code-projects Intern Membership Management System User Registration sql injection

CVSS 6.3 · Medium EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-7131

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
code-projects Intern Membership Management System User Registration sql injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249134 is the identifier assigned to this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Intern Membership Management System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Intern Membership Management System是一个实习生会员管理系统。 Intern Membership Management System 存在安全漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
code-projectsIntern Membership Management System 2.0 -

II. Public POCs for CVE-2023-7131

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-7131

登录查看更多情报信息。

Same Patch Batch · code-projects · 2023-12-28 · 14 CVEs total

CVE-2023-71386.3 MEDIUMcode-projects Client Details System HTTP POST Request admin sql injection
CVE-2023-71376.3 MEDIUMcode-projects Client Details System HTTP POST Request sql injection
CVE-2023-71286.3 MEDIUMcode-projects Voting System Admin Login sql injection
CVE-2023-71276.3 MEDIUMcode-projects Automated Voting System Login sql injection
CVE-2023-71266.3 MEDIUMcode-projects Automated Voting System Admin Login sql injection
CVE-2023-71295.5 MEDIUMcode-projects Voting System Voters Login sql injection
CVE-2023-71414.3 MEDIUMcode-projects Client Details System update-clients.php sql injection
CVE-2023-71404.3 MEDIUMcode-projects Client Details System manage-users.php sql injection
CVE-2023-71394.3 MEDIUMcode-projects Client Details System HTTP POST Request regester.php sql injection
CVE-2023-71244.3 MEDIUMcode-projects E-Commerce Site search.php cross site scripting
CVE-2023-71323.5 LOWcode-projects Intern Membership Management System User Registration cross site scripting
CVE-2023-71362.4 LOWcode-projects Record Management System Document Type doctype.php cross site scripting
CVE-2023-71352.4 LOWcode-projects Record Management System Offices offices.php cross site scripting

IV. Related Vulnerabilities

Same product: Intern Membership Management System
Same vendor: code-projects
Same weakness: CWE-89

V. Comments for CVE-2023-7131

No comments yet

Leave a comment