Описание
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.21401
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
EPSS
Процентиль: 96%
0.21401
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89