PHPGurukul Nipah Virus Testing Management System bwdates-report-result.php sql injection
CVE-2023-7099

9.8CRITICAL

Key Information:

Vendor
PHPGurukul
Status
Nipah Virus Testing Management System
Vendor
CVE Published:
25 December 2023

Summary

A SQL injection vulnerability exists within the PHPGurukul Nipah Virus Testing Management System version 1.0, specifically affecting the processing of the 'fromdate' argument in the file 'bwdates-report-result.php'. This security flaw allows for remote attackers to manipulate the arguments, potentially leading to unauthorized access to the database. The vulnerability has been disclosed publicly, emphasizing the importance of applying security patches and mitigation measures to protect against possible exploitation.

Affected Version(s)

Nipah Virus Testing Management System 1.0

References

https://vuldb.com/?id.248951
vdb-entrytechnical-description
https://vuldb.com/?ctiid.248951
signaturepermissions-required
https://github.com/laoquanshi/heishou/blob/main/niv%20-SQL
broken-link

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

heishou (VulDB User)
.