PHPGurukul Nipah Virus Testing Management System login.php sql injection
CVE-2023-5804

9.8CRITICAL

Key Information:

Vendor

PHPGurukul
Status
Nipah Virus Testing Management System
Vendor
CVE Published:
26 October 2023

What is CVE-2023-5804?

A SQL injection vulnerability exists in the login.php file of the PHPGurukul Nipah Virus Testing Management System version 1.0. This vulnerability allows an attacker to manipulate the username argument, enabling unauthorized access to the database. Due to its design, the vulnerability is accessible remotely, which raises significant security concerns for users of this web application. Administrators are encouraged to implement immediate patching and conduct a thorough security review to mitigate potential risks.

Affected Version(s)

Nipah Virus Testing Management System 1.0

References

https://vuldb.com/?id.243617
vdb-entrytechnical-description
https://vuldb.com/?ctiid.243617
signaturepermissions-required
https://github.com/JacksonStonee/Nipah-virus-NiV-Testing-...
related

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jacksonstone (VulDB User)
JSON
.