SourceCodester School Registration and Fee System GET Parameter edit_stud.php sql injection
CVE-2023-1675

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
School Registration and Fee System
Vendor
CVE Published:
28 March 2023

Summary

A vulnerability has been identified within the SourceCodester School Registration and Fee System version 1.0, specifically in an unknown function of the file /bilal final/edit_stud.php related to the GET Parameter Handler. Malicious manipulation of the 'id' parameter may allow for SQL injection attacks, which can be executed remotely. This security flaw poses a significant risk, as unauthorized access and manipulation of the database could occur. The exploit has been publicly disclosed, increasing the urgency for users to apply necessary patches or mitigate the risk associated with this vulnerability.

Affected Version(s)

School Registration and Fee System 1.0

References

https://vuldb.com/?id.224232
vdb-entrytechnical-description
https://vuldb.com/?ctiid.224232
signaturepermissions-required
https://github.com/saintone98/bug_report/blob/main/vendor...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Saintone980714 (VulDB User)
.