SourceCodester Engineers Online Portal downloadable_student.php sql injection
CVE-2023-5276

6.3MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Engineers Online Portal
Vendor: CVE Published:; 29 September 2023

Summary

A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-240904.

Affected Version(s)

Engineers Online Portal 1.0

References

https://vuldb.com/?id.240904

vdb-entrytechnical-description

https://vuldb.com/?ctiid.240904

signaturepermissions-required

https://github.com/llixixi/Engineers-Online-Portal-System...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2023
Vulnerability Reserved
Sep 29, 2023

Credit

llixixioo (VulDB User)