PT-2025-7448 · Unknown · Uniclare Student Portal
Published: 2025-02-20 · Updated: 2025-02-20 · CVE-2024-57401
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Uniclare Student Portal versions 2 and earlier
Description
A SQL injection vulnerability in the Forgot Password function allows a remote attacker to execute arbitrary code. The Forgot Password function is the vulnerable endpoint.
Recommendations
For Uniclare Student Portal versions 2 and earlier, to prevent exploitation, consider disabling the Forgot Password function until a patch is available. Restrict access to this function to minimize the risk of arbitrary code execution.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Uniclare Student Portal