SourceCodester Faculty Evaluation System sql injection
CVE-2023-2368

9.8CRITICAL

Key Information:

Vendor
SourceCodester
Status
Faculty Evaluation System
Vendor
CVE Published:
28 April 2023

Summary

A security flaw exists in SourceCodester's Faculty Evaluation System 1.0, specifically within the code handling the index.php?page=manage_questionnaire file. By manipulating the 'id' parameter, an attacker could execute arbitrary SQL queries, effectively compromising the application's database. This vulnerability can be exploited remotely, allowing potential attackers to retrieve sensitive data or manipulate the database without the need for prior authentication. The exploit's details have been publicly available, raising concerns about the ongoing risk for users of this application.

Affected Version(s)

Faculty Evaluation System 1.0

References

https://vuldb.com/?id.227644
vdb-entrytechnical-description
https://vuldb.com/?ctiid.227644
signaturepermissions-required
https://github.com/f0llow/bug_report/blob/main/vendors/or...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

f0llow (VulDB User)
.