SQL Injection Vulnerability in Rail Pass Management System by DiliLearngent
CVE-2023-31933

7.2HIGH

Key Information:

Vendor: PHPgurukul
Status: Rail Pass Management System
Vendor: CVE Published:; 28 July 2023

What is CVE-2023-31933?

The Rail Pass Management System v.1.0 contains a vulnerability that allows remote attackers to exploit an SQL injection flaw through the 'editid' parameter in 'edit-pass-detail.php'. By crafting a malicious request, an attacker can execute arbitrary code, potentially compromising the integrity and availability of the system. It is crucial for users to update and implement appropriate security measures to mitigate this risk.

References

https://github.com/DiliLearngent/BugReport/blob/main/php/...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2023
Vulnerability Reserved
Apr 29, 2023

PHPgurukul

What is CVE-2023-31933?

References

CVSS V3.1

Timeline