Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/kissin/ | Exploit Third Party Advisory |
https://www.kashipara.com/ | Not Applicable |
https://fluidattacks.com/advisories/kissin/ | Exploit Third Party Advisory |
https://www.kashipara.com/ | Not Applicable |
Configurations
History
21 Nov 2024, 08:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://fluidattacks.com/advisories/kissin/ - Exploit, Third Party Advisory | |
References | () https://www.kashipara.com/ - Not Applicable |
26 Dec 2023, 21:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://fluidattacks.com/advisories/kissin/ - Exploit, Third Party Advisory | |
References | () https://www.kashipara.com/ - Not Applicable | |
First Time |
Kashipara
Kashipara student Information System |
|
CPE | cpe:2.3:a:kashipara:student_information_system:1.0:*:*:*:*:wordpress:*:* |
20 Dec 2023, 16:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-20 16:15
Updated : 2024-11-21 08:40
NVD link : CVE-2023-5010
Mitre link : CVE-2023-5010
CVE.ORG link : CVE-2023-5010
JSON object : View
Products Affected
kashipara
- student_information_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')