SourceCodester Student Study Center Desk Management System manage_student.php sql injection
CVE-2023-2151

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Student Study Center Desk Management System
Vendor
CVE Published:
18 April 2023

Summary

A vulnerability exists in the Desk Management System's manage_student.php file, allowing an attacker to manipulate the argument 'id' and perform SQL Injection attacks remotely. This can lead to unauthorized access to sensitive data or further exploits. Public disclosure has raised awareness, making it imperative for users to inspect their systems for potential vulnerabilities.

Affected Version(s)

Student Study Center Desk Management System 1.0

References

https://vuldb.com/?id.226272
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226272
signaturepermissions-required
https://github.com/xzz0787/vul/blob/main/README.pdf
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.