SourceCodester Student Study Center Desk Management System view_student sql injection
CVE-2023-1466

6.3MEDIUM

Key Information:

Vendor
Sourcecodester
Status
Student Study Center Desk Management System
Vendor
CVE Published:
17 March 2023

Summary

A vulnerability exists in the Student Study Center Desk Management System that allows for SQL injection through the 'view_student' function. By manipulating the 'id' argument, an attacker can input malicious SQL code, potentially leading to unauthorized data access or manipulation. This vulnerability can be exploited remotely, posing a significant risk to the integrity of the system. It is crucial for users to patch their installations to mitigate this security issue.

Affected Version(s)

Student Study Center Desk Management System 1.0

References

https://vuldb.com/?id.223325
vdb-entrytechnical-description
https://vuldb.com/?ctiid.223325
signature

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

WWesleywww (VulDB User)
.