PT-2023-23072 · Code Projects · Agro-School Management System

Zhangwang

Publicado

2023-06-04

Atualizado

2025-08-26

CVE-2023-3094

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Agro-School Management System version 1.0

Description A critical issue has been found in the system. The doUpdateQuestion function of the file btn functions.php is affected. The manipulation of the question id argument leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For code-projects Agro-School Management System version 1.0, consider disabling the doUpdateQuestion function until a patch is available. Restrict access to the btn functions.php file to minimize the risk of exploitation. Avoid using the question id argument in the affected function until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-3094

Produtos afetados

Agro-School Management System

PT-2023-23072 · Code Projects · Agro-School Management System

CVE-2023-3094

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8