exploitDog

CVE-2023-5008

Опубликовано: 08 дек. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

Ссылки

https://fluidattacks.com/advisories/blechacz/
Exploit
Third Party Advisory
https://www.kashipara.com/
Product
https://fluidattacks.com/advisories/blechacz/
Exploit
Third Party Advisory
https://www.kashipara.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:imsurajghosh:student_information_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00031

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-x39h-hvgc-6v42

CVSS3: 9.8

github

около 2 лет назад

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

EPSS

Процентиль: 9%

0.00031

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89