code-projects Agro-School Management System index.php sql injection
CVE-2023-3062

9.8CRITICAL

Key Information:

Vendor: code-projects
Status: Agro-School Management System
Vendor: CVE Published:; 2 June 2023

Summary

A security flaw exists in the Agro-School Management System version 1.0 due to improper input validation in the file index.php. This vulnerability allows attackers to exploit a weakness in the password argument, potentially leading to unauthorized access to the database via SQL injection. The remote exploitation capability of this vulnerability heightens the risk, as attackers can execute malicious SQL queries without the need for direct access to the system.

Affected Version(s)

Agro-School Management System 1.0

References

https://vuldb.com/?id.230568

vdb-entrytechnical-description

https://vuldb.com/?ctiid.230568

signaturepermissions-required

https://github.com/hotencode/CveHub/blob/main/Agro-School...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
Jun 2, 2023

Credit

ZhangWang (VulDB User)