PT-2023-28322 · Unknown · Exam Form Submission In Php With Source Code

Published: 2023-09-18 · Updated: 2023-09-19 · CVE-2023-42359

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Exam Form Submission in PHP with Source Code version 1.0

Description: The issue allows a remote attacker to escalate privileges via the val-username parameter in the "/index.php" API endpoint.

Recommendations: For version 1.0, consider restricting access to the /index.php endpoint or avoiding the use of the val-username parameter until a fix is available. As a temporary workaround, validate and sanitize all user input to prevent SQL injection attacks.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2023-42359

Affected Products

Exam Form Submission In Php With Source Code