Campcodes Online Traffic Offense Management System SQL Injection Vulnerability (CNVD-2023-29407)

2023-04-1800:00:00

China National Vulnerability Database

www.cnvd.org.cn

sql injection

web-based system

vulnerability

validation

parameter

exploited

attackers

database

data theft

0.002 Low

EPSS

Percentile

52.2%

JSON

Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System v1.0. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /classes/Master.php, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data.

CPENameOperatorVersion
campcodes online traffic offense management system campcodes online traffic offense management system veq1.0

CPE	Name	Operator	Version
	campcodes online traffic offense management system campcodes online traffic offense management system v	eq	1.0

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for CNVD-2023-29407