CVE-2023-2773

MEDIUM

Bus Dispatch and Information System 1.0 - SQL Injection via adminid Parameter

Title source: llm

Description

A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.229279

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.229279

Broken Link exploit patch

https://gitee.com/zyz0103/system-vul/blob/master/Bus%20Dispatch%20and%20Information%20System%20in%20adminid%20has%20Sql%20injection%20vulnerabilities.pdf

Scores

CVSS v3 6.3

EPSS 0.0029

EPSS Percentile 52.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89

Status published

Products (1)

bus_dispatch_and_information_system_project/bus_dispatch_and_information_system 1.0

Published May 17, 2023

Tracked Since Feb 18, 2026