SourceCodester Faculty Evaluation System sql injection
CVE-2023-2368
9.8CRITICAL
What is CVE-2023-2368?
A security flaw exists in SourceCodester's Faculty Evaluation System 1.0, specifically within the code handling the index.php?page=manage_questionnaire file. By manipulating the 'id' parameter, an attacker could execute arbitrary SQL queries, effectively compromising the application's database. This vulnerability can be exploited remotely, allowing potential attackers to retrieve sensitive data or manipulate the database without the need for prior authentication. The exploit's details have been publicly available, raising concerns about the ongoing risk for users of this application.
Affected Version(s)
Faculty Evaluation System 1.0