PT-2023-29808 · Unknown · Phpgurukul Teacher Subject Allocation Management System

Ersinerenler

Published

2023-11-14

Updated

2023-11-17

CVE-2023-46026

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions phpgurukul Teacher Subject Allocation Management System version 1.0

Description The issue concerns a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to run arbitrary code via the adminname and email parameters in the profile.php file.

Recommendations For phpgurukul Teacher Subject Allocation Management System version 1.0, consider restricting the input for the adminname and email parameters to prevent the execution of arbitrary code until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-46026

Affected Products

Phpgurukul Teacher Subject Allocation Management System

CVE-2023-46026

Weakness Enumeration

Related Identifiers

Affected Products

References · 3