PT-2023-29807 · Unknown · Phpgurukul Teacher Subject Allocation Management System
Ersinerenler · Published 2023-11-14 · Updated 2023-11-17 · CVE-2023-46025
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
phpgurukul Teacher Subject Allocation Management System version 1.0
Description
The issue allows attackers to obtain sensitive information. It involves a SQL injection vulnerability in the teacher-info.php file, where the editid parameter is vulnerable.
Recommendations
For phpgurukul Teacher Subject Allocation Management System version 1.0, consider restricting access to the "teacher-info.php" file until a patch is available, and avoid using the editid parameter in the affected API endpoint.
Exploit
Fix
SQL injection
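A detection check for the issue described above, as an added example that is not part of the original advisory or the vendor's code: it scans web-server access logs for requests to teacher-info.php whose editid is repeated or is not a plain integer. The numeric-id expectation, the /tsas/admin/ path prefix and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Matches client IP, request target and status in a common/combined log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Assumption (not stated on the page): editid is a plain numeric record id.
NUMERIC_ID = re.compile(r"\d{1,10}")


def suspicious_editid_requests(log_lines):
    """Return (ip, status, decoded editid) for teacher-info.php requests whose
    editid is repeated or is not a plain integer. Only query-string values
    appear in access logs; POST bodies are not covered by this check."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/teacher-info.php"):
            continue  # only the file named in the advisory is of interest
        values = [v for k, v in parse_qsl(url.query, keep_blank_values=True)
                  if k.lower() == "editid"]
        if len(values) > 1:
            # Repeated parameter: the application and any filter may disagree
            # on which copy is used, so report it regardless of the values.
            findings.append((m.group("ip"), m.group("status"), "<repeated editid>"))
            continue
        for value in values:
            if not NUMERIC_ID.fullmatch(value):
                findings.append((m.group("ip"), m.group("status"), value))
    return findings


# Constructed sample log lines; paths and addresses are placeholders.
SAMPLE_LOG = [
    '198.51.100.10 - - [14/Nov/2023:10:00:01 +0000] "GET /tsas/admin/teacher-info.php?editid=3 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [14/Nov/2023:10:01:02 +0000] "GET /tsas/admin/teacher-info.php?editid=3%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [14/Nov/2023:10:01:09 +0000] "GET /tsas/admin/teacher-info.php?editid=3&editid=4 HTTP/1.1" 200 5120',
    '198.51.100.10 - - [14/Nov/2023:10:02:00 +0000] "GET /tsas/admin/dashboard.php?editid=x HTTP/1.1" 200 900',
    '198.51.100.22 - - [14/Nov/2023:10:03:00 +0000] "GET /tsas/admin/teacher-info.php HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for finding in suspicious_editid_requests(SAMPLE_LOG):
        print(finding)
```

Because the CVSS vector lists PR:H, flagged requests come from authenticated high-privilege sessions, so correlate each hit with the session or account that issued it.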
Weakness Enumeration
Related Identifiers
Affected Products
Phpgurukul Teacher Subject Allocation Management System