code-projects Agro-School Management System exam-delete.php SQL injection
CVE-2023-3339

7.5 HIGH

Key Information:

Vendor
CVE Published: 21 June 2023

Summary

A SQL injection vulnerability exists in Agro-School Management System version 1.0, in the functionality of the file exam-delete.php. The 'test_id' argument is handled improperly, so an attacker who manipulates it can inject SQL into the query. The attack can be launched remotely and allows the attacker to execute arbitrary SQL commands on the database. The vulnerability has been disclosed, which poses a serious risk; users of the affected version should act immediately to secure their systems.

Affected Version(s)

Agro-School Management System 1.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RMgX (VulDB User)