CVE-2023-50753

Name of the Vulnerable Software and Affected Versions Online Notice Board System version 1.0

Description The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the dd parameter of the "user/update profile.php" resource does not validate the characters received, and they are sent unfiltered to the database.

Recommendations For Online Notice Board System version 1.0, as a temporary workaround, consider validating and filtering the dd parameter in the "user/update profile.php" resource to prevent SQL injection attacks. Restrict access to the "user/update profile.php" resource until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.