Skip to content

Instantly share code, notes, and snippets.

@enferas

enferas/CVE-2023-23026.md

Created January 24, 2023 11:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save enferas/63b2bc406f50349403029c26683e84ce to your computer and use it in GitHub Desktop.
Save enferas/63b2bc406f50349403029c26683e84ce to your computer and use it in GitHub Desktop.
Download ZIP
CVE-2023-23026
Raw
CVE-2023-23026.md

CVE-2023-23026 is assigned

Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php.

Link: https://www.sourcecodester.com/php-codeigniter-simple-sales-management-system-source-code

Mutiple XSS vulnerabilities.

The input (sources) are saved directly in the database.

// Controllers/Categories.php
$data = $this->input->post();
if ($insert_id = DB::save(TABLE_CATEGORIES, $data)) {
  //...
}

// Controllers/Orders.php
$data = $this->input->post();
if(DB::save(TABLE_ORDERS, $data)){
  //...
}

// Controllers/Products.php
$data = $this->input->post();
if ($insert_id = DB::save(TABLE_PRODUCTS, $data)) {
  //...
}
// views/orders/print.php
<?php
$product_name = DB::get_cell(TABLE_PRODUCTS, $where, 'product_name');
?>
<td><?=$product_name ?></td>

// views/orders/form.php
<?php foreach(DB::get(TABLE_PRODUCTS) as $row): ?>
  <option value="<?=$row->product_id ?>"><?=ucfirst($row->product_name) ?> - <?=$row->product_price ?></option>
<?php endforeach; ?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment