Описание
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:-:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.58031
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
EPSS
Процентиль: 98%
0.58031
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89