A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_add_sub.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.247346 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.247346 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Dec 2023, 02:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:phpgurukul:teacher_subject_allocation_management_system:1.0:*:*:*:*:*:*:* | |
First Time |
Phpgurukul teacher Subject Allocation Management System
Phpgurukul |
|
References | () https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_add_sub.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.247346 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.247346 - Permissions Required, Third Party Advisory |
11 Dec 2023, 12:20
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Dec 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-10 13:15
Updated : 2024-04-11 01:23
NVD link : CVE-2023-6653
Mitre link : CVE-2023-6653
CVE.ORG link : CVE-2023-6653
JSON object : View
Products Affected
phpgurukul
- teacher_subject_allocation_management_system
CWE
CWE-352
Cross-Site Request Forgery (CSRF)