Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2023-12-20T15:55:07.052Z
Updated: 2024-11-27T19:57:40.392Z
Reserved: 2023-09-15T22:52:20.378Z
Link: CVE-2023-5010
Vulnrichment
Updated: 2024-08-02T07:44:53.671Z
NVD
Status : Modified
Published: 2023-12-20T16:15:10.197
Modified: 2024-11-21T08:40:52.957
Link: CVE-2023-5010
Redhat
No data.