PT-2023-17157 · Sourcecodester · School Registration/Fee System

Saintone980714 · Published 2023-03-28 · Updated 2024-05-17 · CVE-2023-1674

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester School Registration and Fee System version 1.0

Description

A critical issue affects the processing of the file /bilal final/login.php in the POST Parameter Handler component. Manipulating the username argument leads to SQL injection. The attack may be initiated remotely.

Recommendations

For version 1.0, consider disabling the login.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the username parameter in the affected API endpoint.

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2023-1674

Affected products

School Registration/Fee System