CVE Report for Damn Vulnerable Web Application (DVWA)

In case you need a quick laugh, have a look at this CVE report.

For context: quote DVWA Repo:

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, [...].

https://nvd.nist.gov/vuln/detail/CVE-2023-39848#VulnChangeHistorySectionOpen link View original on postit.quantentoast.de

Comments3

Sysosmaster

infosec.pub

Saved you a click:

REJECTED CVE has been marked "REJECT" in the CVE List. These CVEs are stored in the NVD, but do not show up in search results.

faebudo reply

infosec.pub

Originally was:

"DVWA v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at blind\source\high.php."

Source report: https://github.com/KLSEHB/vulnerability-report/blob/c1f3f27286e435d1bd5893a5fea2ffbe9fb55cbd/Dvwa_vulnerability

Mike reply

postit.quantentoast.de

I thought this would be visible with my link. Specifically shared the "show changes" Link but that doesn't seem to work.