A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipulation of the argument date_from/date_to leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-223327.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.223327 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.223327 | Permissions Required Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
23 Mar 2023, 14:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://vuldb.com/?ctiid.223327 - Permissions Required, Third Party Advisory, VDB Entry | |
References | (MISC) https://vuldb.com/?id.223327 - Permissions Required, Third Party Advisory, VDB Entry | |
First Time |
Student Study Center Desk Management System Project student Study Center Desk Management System
Student Study Center Desk Management System Project |
|
CPE | cpe:2.3:a:student_study_center_desk_management_system_project:student_study_center_desk_management_system:1.0:*:*:*:*:*:*:* |
17 Mar 2023, 12:59
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-17 12:15
Updated : 2024-03-21 02:45
NVD link : CVE-2023-1468
Mitre link : CVE-2023-1468
CVE.ORG link : CVE-2023-1468
JSON object : View
Products Affected
student_study_center_desk_management_system_project
- student_study_center_desk_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')