exploitDog

CVE-2023-5011

Опубликовано: 20 дек. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.

Ссылки

https://fluidattacks.com/advisories/kissin/
Exploit
Third Party Advisory
https://www.kashipara.com/
Not Applicable
https://fluidattacks.com/advisories/kissin/
Exploit
Third Party Advisory
https://www.kashipara.com/
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kashipara:student_information_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00089

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-rwhw-p34v-qx7h

CVSS3: 9.8

github

около 2 лет назад

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.

EPSS

Процентиль: 26%

0.00089

Низкий

8.8 High

CVSS3

Дефекты

CWE-89