Описание
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames and passwords.
EPSS
Процентиль: 30%
0.00108
Низкий
Дефекты
CWE-89
Связанные уязвимости
github
2 месяца назад
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames and passwords.
EPSS
Процентиль: 30%
0.00108
Низкий
Дефекты
CWE-89