PT-2025-49132 · Obi08 · Enrollment System
Gnanaraj Mauviel · Published 2025-12-04 · Updated 2025-12-04
CVE-2024-58276 · CVSS v4.0 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Obi08/Enrollment System version 1.0
Description
The software contains a SQL injection vulnerability in the keyword parameter of the '/get subject.php' API endpoint. Unauthenticated attackers can execute arbitrary SQL queries, potentially extracting sensitive information from the users table, including usernames and passwords, using UNION-based injection.
Recommendations
Apply input validation and sanitization to the keyword parameter in the '/get subject.php' API endpoint.
Exploit
Fix
SQL injection
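The recommendation above, worked through in code. This is an added illustration, not the Enrollment System's own source: it assumes a hypothetical `subjects` table (columns `id`, `code`, `name`), a PDO connection to MySQL, and a keyword search of the kind the advisory describes. The first function shows the defect class (the keyword concatenated into the SQL text); the second shows the fix, where an allow-list check rejects unexpected input and a prepared statement with a bound parameter keeps the query structure fixed.

```php
<?php
// Added example; not code from the Obi08/Enrollment System project.
// Assumed schema: subjects(id INT, code VARCHAR, name VARCHAR).

// Vulnerable pattern (the class of defect in the advisory): the user-controlled
// keyword becomes part of the SQL text, so the database cannot tell query
// structure from data. Kept here only to contrast with the fix below.
function getSubjectsUnsafe(PDO $pdo, string $keyword): array
{
    $sql = "SELECT id, code, name FROM subjects WHERE name LIKE '%" . $keyword . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate, then bind. The query text never changes with
// the input; the keyword is sent to the server as a plain string value.
function getSubjectsSafe(PDO $pdo, string $keyword): array
{
    // Input validation: bound the length and allow only the characters a
    // subject search legitimately needs. Unexpected input is rejected,
    // not "cleaned up" (assumed policy for this example).
    if (strlen($keyword) > 64 || !preg_match('/^[A-Za-z0-9 .\-]+$/', $keyword)) {
        throw new InvalidArgumentException('invalid keyword');
    }

    // Defence in depth: even though the allow-list excludes LIKE wildcards,
    // escape them with an explicit ESCAPE character so a later relaxation of
    // the allow-list cannot let a caller widen the match with % or _.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword);
    $pattern = '%' . $escaped . '%';

    $stmt = $pdo->prepare(
        "SELECT id, code, name FROM subjects WHERE name LIKE :kw ESCAPE '!' LIMIT 100"
    );
    $stmt->bindValue(':kw', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Endpoint-style usage (hypothetical connection details).
$pdo = new PDO('mysql:host=localhost;dbname=enrollment;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

header('Content-Type: application/json');
try {
    $keyword = (string) ($_GET['keyword'] ?? '');
    echo json_encode(getSubjectsSafe($pdo, $keyword));
} catch (InvalidArgumentException $e) {
    // Reject bad input with a generic 400; do not echo database errors.
    http_response_code(400);
    echo json_encode(['error' => 'invalid keyword']);
}
```

Two design points: the allow-list is deliberately narrow for a subject-name search and should be widened only with a reason, and `PDO::ATTR_EMULATE_PREPARES => false` makes PDO use the server's own prepared-statement protocol rather than client-side quoting, so the keyword is transmitted separately from the SQL text.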
Weakness Enumeration
Related Identifiers
Affected Products
Enrollment System