CVE-2021-26762

Опубликовано: 22 июл. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.

Ссылки

https://phpgurukul.com/
Vendor Advisory
https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip
Vendor Advisory
https://www.exploit-db.com/exploits/49513
Exploit
Third Party Advisory
VDB Entry
https://phpgurukul.com/
Vendor Advisory
https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip
Vendor Advisory
https://www.exploit-db.com/exploits/49513
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:student_record_system:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01147

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-3c28-3f3c-gjf8