Описание
Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The myds GET parameter is not adequately sanitized before being used in SQL queries.
Ссылки
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:vishalmathur:institute-of-current-students:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 6.5
github
3 месяца назад
Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used in SQL queries.
EPSS
Процентиль: 12%
0.0004
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89