SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.
References
Link | Resource |
---|---|
https://phpgurukul.com/ | Vendor Advisory |
https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip | Vendor Advisory |
https://www.exploit-db.com/exploits/49513 | Exploit Third Party Advisory VDB Entry |
Configurations
History
14 Nov 2023, 21:36
Type | Values Removed | Values Added |
---|---|---|
First Time |
Phpgurukul student Record System
Phpgurukul |
|
CPE | cpe:2.3:a:phpgurukul:student_record_system:4.0:*:*:*:*:*:*:* |
Information
Published : 2021-07-22 16:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-26762
Mitre link : CVE-2021-26762
CVE.ORG link : CVE-2021-26762
JSON object : View
Products Affected
phpgurukul
- student_record_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')