PT-2023-22524 · Unknown · Ningzichun Student Management System

Ningzichun · Published 2023-05-31 · Updated 2025-04-22 · CVE-2023-3007

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ningzichun Student Management System version 1.0

Description: A critical issue affects some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the sid argument leads to weak password recovery. The attack may be launched remotely.

Recommendations: For ningzichun Student Management System version 1.0, consider disabling the password recovery feature in the resetPassword.php file until a patch is available. Restrict access to the Password Reset Handler component to minimize the risk of exploitation. Avoid using the sid argument in the affected functionality until the issue is resolved.

Related Identifiers: CVE-2023-3007

Affected Products: Ningzichun Student Management System