CVE-2023-48689: Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
First published: Thu Dec 21 2023(Updated: )
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Railway Reservation System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-48689?
CVE-2023-48689 is classified as a medium to high severity vulnerability due to its potential for SQL injection attacks.
How do I fix CVE-2023-48689?
To fix CVE-2023-48689, implement input validation on the 'byname' parameter to sanitize user inputs before processing them in the database.
What systems are affected by CVE-2023-48689?
CVE-2023-48689 affects Railway Reservation System version 1.0, which is developed by Projectworlds.
Can CVE-2023-48689 lead to data leakage?
Yes, exploiting CVE-2023-48689 can allow attackers to extract sensitive data from the database via SQL injection.
Is authentication required to exploit CVE-2023-48689?
No, CVE-2023-48689 is an unauthenticated SQL injection vulnerability, meaning it can be exploited without user login.
- agent/type
- agent/references
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/source
- vendor/projectworlds
- canonical/projectworlds railway reservation system
- version/projectworlds railway reservation system/1.0