SQLi in UNI-PA's University Information System
CVE-2023-6441

9.8CRITICAL

Key Information:

Vendor: Uni-pa University Marketing & Computer Internet Trade Inc.
Status: University Information System
Vendor: CVE Published:; 14 February 2024

Summary

A vulnerability exists in the University Information System developed by UNI-PA University Marketing & Computer Internet Trade Inc. due to improper neutralization of special elements used in SQL commands, leading to an SQL Injection scenario. This flaw allows attackers to execute arbitrary SQL queries, posing a significant risk to data confidentiality and system integrity. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information, modify, or delete data within the application, which can severely compromise the overall security posture of the affected system.

Affected Version(s)

University Information System 0 < 12.12.2023

References

https://www.usom.gov.tr/bildirim/tr-24-0102

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Nov 30, 2023

Credit

Resul Melih MACİT