SQL Injection Vulnerabilities in Zoo Management System by XYZ Corp
CVE-2023-41615

9.8CRITICAL

Key Information:

Vendor: PHPgurukul
Status: Zoo Management System
Vendor: CVE Published:; 8 September 2023

Summary

The Zoo Management System v1.0 is susceptible to multiple SQL injection vulnerabilities found specifically in the Admin sign-in page, exploited through the username and password input fields. Attackers can potentially manipulate the input to execute arbitrary SQL queries, compromising sensitive data and allowing unauthorized access to the system. It is crucial for administrators using this platform to assess their security measures and implement appropriate validation practices to safeguard against such vulnerabilities.

References

https://portswigger.net/web-security/sql-injection

https://phpgurukul.com/student-management-system-using-ph...

https://medium.com/%40guravtushar231/sql-injection-in-log...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 8, 2023
Vulnerability Reserved
Aug 30, 2023