Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/kissin/ | Exploit Third Party Advisory |
https://www.kashipara.com/ | Not Applicable |
https://fluidattacks.com/advisories/kissin/ | Exploit Third Party Advisory |
https://www.kashipara.com/ | Not Applicable |
Configurations
History
21 Nov 2024, 08:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://fluidattacks.com/advisories/kissin/ - Exploit, Third Party Advisory | |
References | () https://www.kashipara.com/ - Not Applicable |
26 Dec 2023, 21:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Kashipara
Kashipara student Information System |
|
CPE | cpe:2.3:a:kashipara:student_information_system:1.0:*:*:*:*:wordpress:*:* | |
References | () https://fluidattacks.com/advisories/kissin/ - Exploit, Third Party Advisory | |
References | () https://www.kashipara.com/ - Not Applicable |
20 Dec 2023, 16:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-20 16:15
Updated : 2024-11-21 08:40
NVD link : CVE-2023-5011
Mitre link : CVE-2023-5011
CVE.ORG link : CVE-2023-5011
JSON object : View
Products Affected
kashipara
- student_information_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')