Vulnerability CVE-2023-6658


Published: 2023-12-10   Modified: 2023-12-14

Description:
A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Affected software
Oretnom23 -> Simple student attendance system 

 References:
https://vuldb.com/?id.247366
https://vuldb.com/?ctiid.247366
https://github.com/daydust/vuln/blob/main/Simple_Student_Attendance_System/ajax-api.php_SQL-injection.md

Copyright 2024, cxsecurity.com

 

Back to Top