PHPGurukul BP Monitoring Management System User Profile Update profile.php sql injection
CVE-2023-1909

6.5MEDIUM

Key Information:

Vendor
PHPGurukul
Status
BP Monitoring Management System
Vendor
CVE Published:
7 April 2023

Summary

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.

Affected Version(s)

BP Monitoring Management System 1.0

References

https://vuldb.com/?id.225318
vdb-entrytechnical-description
https://vuldb.com/?ctiid.225318
signaturepermissions-required
https://github.com/vsdwef/BP-Monitoring-Management-System...
exploit

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

James_Quite (VulDB User)
.