Campcodes Online Traffic Offense Management System SQL Injection Vulnerability (CNVD-2023-29406)

2023-04-1800:00:00

China National Vulnerability Database

www.cnvd.org.cn

campcodes

online traffic offense management

sql injection

vulnerability

validation

external input

sql statements

parameter

password

attackers

illegal commands

sensitive data

database

0.002 Low

EPSS

Percentile

52.2%

JSON

Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System v1.0. The vulnerability stems from the lack of validation of external input SQL statements in the parameter password of the file /classes/Login.php, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.

CPENameOperatorVersion
campcodes online traffic offense management system campcodes online traffic offense management system veq1.0

CPE	Name	Operator	Version
	campcodes online traffic offense management system campcodes online traffic offense management system v	eq	1.0

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for CNVD-2023-29406