SourceCodester Grade Point Average GPA Calculator Master.php get_scale sql injection
CVE-2023-1770

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Grade Point Average GPA Calculator
Vendor
CVE Published:
31 March 2023

Summary

A flaw exists in the SourceCodester Grade Point Average GPA Calculator (version 1.0) related to the 'get_scale' function in the Master.php file. This vulnerability arises from improper handling of the 'perc' parameter, allowing attackers to execute SQL injection attacks remotely. If successfully exploited, this could enable unauthorized access to sensitive data in the database, jeopardizing the integrity and confidentiality of information. With this exploit publicly disclosed, it poses a significant risk to users of the affected application.

Affected Version(s)

Grade Point Average GPA Calculator 1.0

References

https://vuldb.com/?id.224671
vdb-entrytechnical-description
https://vuldb.com/?ctiid.224671
signaturepermissions-required
https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/R...
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pe4cefulSnow (VulDB User)
.