PT-2023-29806 · Unknown · Phpgurukul Teacher Subject Allocation Management System

Ersinerenler

Publicado

2023-11-14

Atualizado

2023-11-17

CVE-2023-46024

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions phpgurukul Teacher Subject Allocation Management System version 1.0

Description The issue allows attackers to execute arbitrary SQL commands and obtain sensitive information. This is achieved via the searchdata parameter in the "index.php" file.

Recommendations For phpgurukul Teacher Subject Allocation Management System version 1.0, consider restricting access to the searchdata parameter in the "index.php" file until a patch is available. As a temporary workaround, avoid using the searchdata parameter to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-46024

Produtos afetados

Phpgurukul Teacher Subject Allocation Management System

PT-2023-29806 · Unknown · Phpgurukul Teacher Subject Allocation Management System

CVE-2023-46024

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4