Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
CVE-2023-50753
9.8CRITICAL
What is CVE-2023-50753?
The Online Notice Board System version 1.0, developed by Kashipara, is affected by multiple unauthenticated SQL Injection vulnerabilities. These vulnerabilities arise due to the inadequate validation of the 'dd' parameter in the user/update_profile.php endpoint. As a result, malicious users can send crafted requests that insert unfiltered input directly into database queries, potentially allowing attackers to manipulate data, exfiltrate sensitive information, or gain unauthorized access to the system.
Affected Version(s)
Online Notice Board System 1.0