Description

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. It affects unknown code of the User Handler component. Manipulation results in SQL injection. The attack can be initiated remotely. The product uses a rolling release to provide continuous delivery, so no version details for affected or updated releases are available. The patch is named 25c9965a872c704f3a9475488dc5d3196902199a. Installing the patch is suggested to address this issue.

PUBLISHED Reserved 2025-12-29 | Published 2025-12-31 | Updated 2026-01-02 | Assigner VulDB




MEDIUM: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
MEDIUM: 4.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
MEDIUM: 4.7 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
5.8 | AV:N/AC:L/Au:M/C:P/I:P/A:P/E:ND/RL:OF/RC:C

Problem types

SQL Injection

Injection

Product status

bf73a0179e3ff07c0d7dc35297cea0be0e5b1317: affected

Timeline

2023-06-10: Advisory disclosed
2023-06-10: Countermeasure disclosed
2025-12-29: VulDB entry created
2025-12-29: VulDB entry last update

Credits

VulDB GitHub Commit Analyzer tool

References

vuldb.com/?id.338650 (VDB-338650 | PKrystian Full-Stack-Bank User sql injection) vdb-entry

vuldb.com/?ctiid.338650 (VDB-338650 | CTI Indicators (IOB, IOC, TTP)) signature permissions-required

github.com/PKrystian/Full-Stack-Bank/pull/21 issue-tracking

github.com/...ommit/25c9965a872c704f3a9475488dc5d3196902199a patch

cve.org (CVE-2023-7331)

nvd.nist.gov (CVE-2023-7331)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.