PHPGurukul BP Monitoring v1.0 SQLi via profile.php User Profile Update Handler
CVE-2023-1909 Published on April 7, 2023
PHPGurukul BP Monitoring Management System User Profile Update profile.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.
Timeline
CVE reserved
Advisory disclosed 1 day later.
VulDB entry created
VulDB entry last update 19 days later.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2023-1909 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2023-1909
stack.watch emails you whenever new vulnerabilities are published in Bpmonitoringmanagementsystemproject Bp Monitoring Management System or PHPGurukul Bp Monitoring Management System. Just hit a watch button to start following.
Affected Versions
PHPGurukul BP Monitoring Management System Version 1.0 is affected by CVE-2023-1909Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.