code-projects Agro-School Management System exam-delete.php SQL injection
CVE-2023-3339
7.5 HIGH
What is CVE-2023-3339?
A SQL injection vulnerability exists in Agro-School Management System version 1.0, in the functionality of the file exam-delete.php. The 'test_id' argument is handled improperly, so an attacker can manipulate it to inject SQL. The attack can be launched remotely and allows arbitrary SQL commands to be executed on the database. The disclosure of this vulnerability poses a serious risk and demands immediate attention from users to secure their systems.
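The flaw class described above, as an added example that is not code from Agro-School Management System: a delete-by-test_id query built by string concatenation, beside a version that validates the value as an integer and binds it as a parameter. The exam table, its rows, the function names and the use of PDO with an in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: schema, rows and function names are constructed; the
// application's real code and schema are not shown in the advisory.
declare(strict_types=1);

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE exam (test_id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO exam VALUES (1, 'Soil science'), (2, 'Agronomy'), (3, 'Irrigation')");
    return $db;
}

// Unsafe pattern: the request value becomes part of the SQL text itself.
function delete_exam_unsafe(PDO $db, string $testId): int
{
    return (int) $db->exec("DELETE FROM exam WHERE test_id = $testId");
}

// Hardened: strict integer validation first, then a bound parameter, so the
// value can never change the structure of the statement.
function delete_exam_safe(PDO $db, string $testId): int
{
    $id = filter_var($testId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('test_id must be a positive integer');
    }
    $stmt = $db->prepare('DELETE FROM exam WHERE test_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function count_exams(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM exam')->fetchColumn();
}

$tampered = '1 OR 1=1'; // constructed test_id carrying SQL text instead of a number
$db = make_demo_db();
delete_exam_unsafe($db, $tampered);
echo 'unsafe handler, rows left: ', count_exams($db), PHP_EOL;
$db = make_demo_db();
try {
    delete_exam_safe($db, $tampered);
} catch (InvalidArgumentException $e) {
    echo 'safe handler rejected input: ', $e->getMessage(), PHP_EOL;
}
echo 'safe handler, rows left: ', count_exams($db), PHP_EOL;
```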
Affected Version(s)
Agro-School Management System 1.0