PHPGurukul Nipah Virus Testing Management System add-phlebotomist.php sql injection
CVE-2023-6402
Key Information:
- Vendor
PHPgurukul
- Vendor
- CVE Published:
- 30 November 2023
Badges
What is CVE-2023-6402?
A SQL injection vulnerability exists in the PHPGurukul Nipah Virus Testing Management System version 1.0, specifically affecting the add-phlebotomist.php file. This vulnerability arises from improper handling of the 'empid' parameter, allowing remote attackers to manipulate SQL queries. The public disclosure of this exploit increases the risk of unauthorized database access, compromising sensitive information and the integrity of the system.
Affected Version(s)
Nipah Virus Testing Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved