A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
oryginał ENCVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XCode Projects Student Enrollment
APPCode-Projects1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
Powiązane podatności
CVE-2023-41505CRITICAL9.8PL ✓ten sam produkt
Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP
CVE-2023-41503CRITICAL9.8PL ✓ten sam produkt
SQL injection w funkcji logowania — Code-Projects Student Enrollment PHP v1.0
CVE-2023-41506CRITICAL9.8PL ✓ten sam produkt
Arbitrary File Upload umożliwiający RCE w Student Enrollment In PHP
CVE-2023-41504HIGH8.8ten sam produkt
SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the St...
CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor
Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień