CVE-2023-48685: Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
First published: Thu Dec 21 2023(Updated: )
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Railway Reservation System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-48685?
CVE-2023-48685 is classified as a high severity vulnerability due to the potential for unauthenticated SQL injection attacks.
How do I fix CVE-2023-48685?
To fix CVE-2023-48685, ensure that all user inputs, particularly the 'psd' parameter, are properly validated and sanitized before processing.
Which software versions are affected by CVE-2023-48685?
CVE-2023-48685 affects Railway Reservation System version 1.0.
What types of attacks can be carried out using CVE-2023-48685?
CVE-2023-48685 can be exploited to execute unauthorized SQL queries, potentially leading to data leakage or manipulation.
Are there any known exploits for CVE-2023-48685?
As of now, there are no publicly disclosed exploits for CVE-2023-48685, but the vulnerability poses a significant risk.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/source
- vendor/projectworlds
- canonical/projectworlds railway reservation system
- version/projectworlds railway reservation system/1.0