PT-2023-32326 · Unknown · Shaanxi Chanming Education Technology Score Query System

Ting

Publicado

2023-10-26

Atualizado

2024-05-17

CVE-2023-5787

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Shaanxi Chanming Education Technology Score Query System version 5.0

Description A critical issue affects the system's unknown processing, allowing for SQL injection through the manipulation of the stuIdCard argument. The attack can be initiated remotely.

Recommendations For version 5.0, consider disabling the stuIdCard argument until a patch is available to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-5787

Produtos afetados

Shaanxi Chanming Education Technology Score Query System

PT-2023-32326 · Unknown · Shaanxi Chanming Education Technology Score Query System

CVE-2023-5787

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8