SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.
References
Link | Resource |
---|---|
https://github.com/BigTiger2020/Student-Record-System-/blob/main/README.md | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/161237/Student-Record-System-4.0-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://phpgurukul.com/ | Vendor Advisory |
https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip | Vendor Advisory |
Configurations
History
14 Nov 2023, 21:36
Type | Values Removed | Values Added |
---|---|---|
First Time |
Phpgurukul student Record System
Phpgurukul |
|
CPE | cpe:2.3:a:phpgurukul:student_record_system:4.0:*:*:*:*:*:*:* |
Information
Published : 2021-07-22 16:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-26765
Mitre link : CVE-2021-26765
CVE.ORG link : CVE-2021-26765
JSON object : View
Products Affected
phpgurukul
- student_record_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')