A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been classified as critical. Affected is an unknown function of the file projects_per_curriculum.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226266 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/E1CHO/cve_hub/blob/main/Online%20Thesis%20Archiving%20System/Online%20Thesis%20Archiving%20System%20-%20vuln%201.pdf | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.226266 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.226266 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Apr 2023, 20:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Online Thesis Archiving System Project online Thesis Archiving System
Online Thesis Archiving System Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:online_thesis_archiving_system_project:online_thesis_archiving_system:1.0:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/E1CHO/cve_hub/blob/main/Online%20Thesis%20Archiving%20System/Online%20Thesis%20Archiving%20System%20-%20vuln%201.pdf - Exploit, Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.226266 - Permissions Required, Third Party Advisory | |
References | (MISC) https://vuldb.com/?id.226266 - Third Party Advisory |
18 Apr 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-18 11:15
Updated : 2024-04-11 01:19
NVD link : CVE-2023-2145
Mitre link : CVE-2023-2145
CVE.ORG link : CVE-2023-2145
JSON object : View
Products Affected
online_thesis_archiving_system_project
- online_thesis_archiving_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')