SQL Injection Vulnerability in Rail Pass Management System by DiliLearngent
CVE-2023-31933

7.2HIGH

Key Information:

Vendor
PHPgurukul
Status
Rail Pass Management System
Vendor
CVE Published:
28 July 2023

Summary

The Rail Pass Management System v.1.0 contains a vulnerability that allows remote attackers to exploit an SQL injection flaw through the 'editid' parameter in 'edit-pass-detail.php'. By crafting a malicious request, an attacker can execute arbitrary code, potentially compromising the integrity and availability of the system. It is crucial for users to update and implement appropriate security measures to mitigate this risk.

References

https://github.com/DiliLearngent/BugReport/blob/main/php/...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.