Description
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-28423
- https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated
- https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html
- https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql
- https://www.exploit-db.com/exploits/50018
Related vulnerabilities
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 through 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.