Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
History

Wed, 27 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2023-12-20T15:55:07.052Z

Updated: 2024-11-27T19:57:40.392Z

Reserved: 2023-09-15T22:52:20.378Z

Link: CVE-2023-5010

cve-icon Vulnrichment

Updated: 2024-08-02T07:44:53.671Z

cve-icon NVD

Status : Modified

Published: 2023-12-20T16:15:10.197

Modified: 2024-11-21T08:40:52.957

Link: CVE-2023-5010

cve-icon Redhat

No data.