{"api_version":"1","generated_at":"2026-04-23T12:21:27+00:00","cve":"CVE-2023-1461","urls":{"html":"https://cve.report/CVE-2023-1461","api":"https://cve.report/api/cve/CVE-2023-1461.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1461","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1461"},"summary":{"title":"CVE-2023-1461","description":"A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file createCategories.php. The manipulation of the argument categoriesStatus leads to sql injection. The attack can be initiated remotely. VDB-223306 is the identifier assigned to this vulnerability.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2023-03-17 09:15:00","updated_at":"2023-11-07 04:03:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://blog.csdn.net/weixin_43864034/article/details/129622219","name":"https://blog.csdn.net/weixin_43864034/article/details/129622219","refsource":"MISC","tags":[],"title":"SourceCodester Canteen Management System createCategories.php sql injection_@sec的博客-CSDN博客","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?id.223306","name":"https://vuldb.com/?id.223306","refsource":"MISC","tags":[],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://vuldb.com/?ctiid.223306","name":"https://vuldb.com/?ctiid.223306","refsource":"MISC","tags":[],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1461","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1461","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1461","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"canteen_management_system_project","cpe5":"canteen_management_system","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-1461","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file createCategories.php. The manipulation of the argument categoriesStatus leads to sql injection. The attack can be initiated remotely. VDB-223306 is the identifier assigned to this vulnerability."},{"lang":"deu","value":"In SourceCodester Canteen Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion query der Datei createCategories.php. Mittels Manipulieren des Arguments categoriesStatus mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89 SQL Injection","cweId":"CWE-89"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"SourceCodester","product":{"product_data":[{"product_name":"Canteen Management System","version":{"version_data":[{"version_affected":"=","version_value":"1.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://vuldb.com/?id.223306","refsource":"MISC","name":"https://vuldb.com/?id.223306"},{"url":"https://vuldb.com/?ctiid.223306","refsource":"MISC","name":"https://vuldb.com/?ctiid.223306"},{"url":"https://blog.csdn.net/weixin_43864034/article/details/129622219","refsource":"MISC","name":"https://blog.csdn.net/weixin_43864034/article/details/129622219"}]},"credits":[{"lang":"en","value":"faith (VulDB User)"}],"impact":{"cvss":[{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"},{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"},{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}]}},"nvd":{"publishedDate":"2023-03-17 09:15:00","lastModifiedDate":"2023-11-07 04:03:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:canteen_management_system_project:canteen_management_system:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}