CVE-2023-0988 : A vulnerability, which was classified as problematic, has been found in SourceCo

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability.

Published 2023-02-23 16:15:12

Updated 2024-05-17 02:17:43

Source VulDB

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2023-0988

Online Pizza Ordering System Project » Online Pizza Ordering System » Version: 1.0
cpe:2.3:a:online_pizza_ordering_system_project:online_pizza_ordering_system:1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-0988

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 17 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-0988

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	VulDB
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	2.8	1.4	VulDB
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	2.8	1.4	VulDB	2024-02-29
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-0988

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2023-0988

https://vuldb.com/?ctiid.221681

Login required
Permissions Required;Third Party Advisory;VDB Entry
https://github.com/1MurasaKi/PizzaCSRF_report/tree/main/vender/Online%20Pizza%20Ordering%20System

PizzaCSRF_report/vender/Online Pizza Ordering System at main · 1MurasaKi/PizzaCSRF_report · GitHub
Exploit;Third Party Advisory
https://vuldb.com/?id.221681

Login required
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2023-0988

Products affected by CVE-2023-0988

Exploit prediction scoring system (EPSS) score for CVE-2023-0988

CVSS scores for CVE-2023-0988

CWE ids for CVE-2023-0988

References for CVE-2023-0988