{"api_version":"1","generated_at":"2026-07-08T00:51:53+00:00","cve":"CVE-2023-2653","urls":{"html":"https://cve.report/CVE-2023-2653","api":"https://cve.report/api/cve/CVE-2023-2653.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-2653","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-2653"},"summary":{"title":"CVE-2023-2653","description":"A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2023-05-11 09:15:00","updated_at":"2023-11-07 04:13:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md","name":"https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md","refsource":"MISC","tags":[],"title":"CVEproject/Lost-and-Found-Information-System---Multiple-SQL-injections.md at main · xiahao90/CVEproject · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?id.228781","name":"https://vuldb.com/?id.228781","refsource":"MISC","tags":[],"title":"CVE-2023-2653: SourceCodester Lost and Found Information System index.php sql injection","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?ctiid.228781","name":"https://vuldb.com/?ctiid.228781","refsource":"MISC","tags":[],"title":"Login required","mime":"text/html","httpstatus":"401","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-2653","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2653","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"2653","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lost_and_found_information_system_project","cpe5":"lost_and_found_information_system","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2653","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oretnom23","cpe5":"lost_and_found_information_system","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-2653","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability."},{"lang":"deu","value":"In SourceCodester Lost and Found Information System 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Datei items/index.php. Durch die Manipulation des Arguments cid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89 SQL Injection","cweId":"CWE-89"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"SourceCodester","product":{"product_data":[{"product_name":"Lost and Found Information System","version":{"version_data":[{"version_affected":"=","version_value":"1.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://vuldb.com/?id.228781","refsource":"MISC","name":"https://vuldb.com/?id.228781"},{"url":"https://vuldb.com/?ctiid.228781","refsource":"MISC","name":"https://vuldb.com/?ctiid.228781"},{"url":"https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md","refsource":"MISC","name":"https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Lost-and-Found-Information-System---Multiple-SQL-injections.md"}]},"credits":[{"lang":"en","value":"webray.com.cn (VulDB User)"}],"impact":{"cvss":[{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"},{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"},{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}]}},"nvd":{"publishedDate":"2023-05-11 09:15:00","lastModifiedDate":"2023-11-07 04:13:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}