Vulnerability CVE-2023-5008


Published: 2023-12-08   Modified: 2023-12-14

Description:
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Affected software
Imsurajghosh -> Student information system 

 References:
https://fluidattacks.com/advisories/blechacz/
https://www.kashipara.com/

Copyright 2024, cxsecurity.com

 

Back to Top