CRITICAL🇵🇱 Wersja polska

CVE-2023-41503

CVSS 9.8v3.1pub. 2024-03-07upd. 2025-05-05

Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.

🤖 AI Analysis
How it works

The vulnerability results from a lack of proper validation and sanitization of input data passed to the login function (CWE-94 — code injection). An attacker can inject malicious SQL code directly into the login form fields, thereby modifying the query sent to the database. The attack does not require authentication, any user-side interaction, or special network conditions.

Impact

An attacker can gain unauthorized access to the application (including bypassing the authentication mechanism), read, modify or delete data from the database, and potentially take full control of the database system.

Mitigation & patch

Patches available from the vendor should be applied according to the references. Additionally, it is recommended to implement parameterized SQL queries (prepared statements) and server-side input validation mechanisms. It is also recommended to restrict access to the application at the firewall level to trusted IP addresses.

Who is affected

Code-Projects Student Enrollment In PHP v1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Code Projects Student Enrollment

    APP
    Code-Projects
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-41505CRITICAL9.8PL ✓ten sam produkt

Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP

CVE-2023-41506CRITICAL9.8PL ✓ten sam produkt

Arbitrary File Upload umożliwiający RCE w Student Enrollment In PHP

CVE-2023-41504HIGH8.8ten sam produkt

SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the St...

CVE-2025-7191MEDIUM5.5ten sam produkt

A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This...

CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor

Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień