CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2023-5634

CVSS 9.8v3.1pub. 2023-12-01upd. 2026-05-21

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1.

πŸ€– AI Analysis
How it works

The application does not properly neutralize special characters passed by the user before using them in SQL queries (CWE-89). An attacker can inject their own SQL code into the portal's input parameters, manipulating the logic of queries directed to the database. The vulnerability is accessible over the network without requiring an account or any user interaction.

Impact

An attacker can gain unauthorized access to data stored in the database (confidentiality), modify or delete data (integrity), and potentially cause system unavailability (availability). In extreme cases, complete takeover of the database and user data contained within is possible.

Mitigation & patch

ArslanSoft Education Portal should be immediately updated to version v1.1 or later. Detailed information is available in the vendor's references and USOM security notice (TR-23-0670).

Who is affected

ArslanSoft Education Portal in all versions prior to v1.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Arslansoft Education Portal Project Arslansoft Education Portal

    APP
    Arslansoft Education Portal Project
    < 1.1
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-5636CRITICAL9.8PL βœ“ten sam produkt

Nieograniczony upload pliku umoΕΌliwiajΔ…cy Command Injection w ArslanSoft Education Portal

CVE-2023-5635HIGH7.5ten sam produkt

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal...

CVE-2023-5637HIGH7.5ten sam produkt

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensi...

CVE-2023-5634 β€” Arslansoft Education Portal Project β€” Arslansoft Education Portal β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl