PT-2023-30451 · Unknown · Pre-School Enrollment

Mehmetcan Topal

Published

2023-11-14

Updated

2023-11-20

CVE-2023-47445

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pre-School Enrollment version 1.0

Description The issue allows for SQL Injection via the username parameter in the "preschool/admin/" page. This could potentially lead to unauthorized access or manipulation of data.

Recommendations For Pre-School Enrollment version 1.0, consider restricting access to the "preschool/admin/" page until a fix is available, and avoid using the username parameter in this context to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-47445

Affected Products

Pre-School Enrollment

PT-2023-30451 · Unknown · Pre-School Enrollment

CVE-2023-47445

Weakness Enumeration

Related Identifiers

Affected Products

References · 4