Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/kissin/ | Exploit Third Party Advisory |
https://www.kashipara.com/ | Not Applicable |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2023-12-20T15:55:07.052Z
Updated: 2023-12-20T15:55:07.052Z
Reserved: 2023-09-15T22:52:20.378Z
Link: CVE-2023-5010
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-20T16:15:10.197
Modified: 2023-12-26T21:32:44.960
Link: CVE-2023-5010
JSON object: View
Redhat Information
No data.
CWE