PT-2023-29808 · Unknown · Phpgurukul Teacher Subject Allocation Management System

Ersinerenler

Publicado

2023-11-14

Atualizado

2023-11-17

CVE-2023-46026

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions phpgurukul Teacher Subject Allocation Management System version 1.0

Description The issue concerns a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to run arbitrary code via the adminname and email parameters in the profile.php file.

Recommendations For phpgurukul Teacher Subject Allocation Management System version 1.0, consider restricting the input for the adminname and email parameters to prevent the execution of arbitrary code until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-46026

Produtos afetados

Phpgurukul Teacher Subject Allocation Management System

PT-2023-29808 · Unknown · Phpgurukul Teacher Subject Allocation Management System

CVE-2023-46026

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3