PT-2019-9628 · Php · Open Faculty Evaluation System

Published

2019-06-19

·

Updated

2019-06-20

·

CVE-2018-18758

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Open Faculty Evaluation System 7 for PHP 7
Description The issue allows for SQL Injection in the submit feedback.php file.
Recommendations For Open Faculty Evaluation System 7 for PHP 7, update the submit feedback.php file to prevent SQL Injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-18758

Affected Products

Open Faculty Evaluation System