SourceCodester Faculty Evaluation System sql injection
CVE-2023-2365
9.8CRITICAL
What is CVE-2023-2365?
An SQL injection vulnerability has been identified in the SourceCodester Faculty Evaluation System 1.0 due to improper handling of the 'id' parameter in the ajax.php?action=delete_subject file. This flaw allows remote attackers to execute arbitrary SQL commands, potentially compromising the underlying database and exposing sensitive information. The exploit is publicly disclosed, indicating a real risk for users of this system.
Affected Version(s)
Faculty Evaluation System 1.0