A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XCode Projects Student Enrollment
APPCode-Projects1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
Related vulnerabilities
CVE-2023-41505CRITICAL9.8PL ✓ten sam produkt
Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP
CVE-2023-41503CRITICAL9.8PL ✓ten sam produkt
SQL injection w funkcji logowania — Code-Projects Student Enrollment PHP v1.0
CVE-2023-41506CRITICAL9.8PL ✓ten sam produkt
Arbitrary File Upload umożliwiający RCE w Student Enrollment In PHP
CVE-2023-41504HIGH8.8ten sam produkt
SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the St...
CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor
Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień