code-projects Agro-School Management System btn_functions.php doUpdateQuestion sql injection
CVE-2023-3094
9.8CRITICAL
What is CVE-2023-3094?
A SQL injection vulnerability exists in the Agro-School Management System 1.0 due to improper handling of user input within the doUpdateQuestion function in btn_functions.php. An attacker could exploit this weakness by manipulating the question_id argument, leading to unauthorized access to the database. This vulnerability can be exploited remotely, making it crucial for users to patch their systems promptly to mitigate potential risks.
Affected Version(s)
Agro-School Management System 1.0