Unauth SQLi in Student Result Mgmt Sys v1.0 via login.php password
CVE-2023-48720 Published on December 21, 2023
Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
Vulnerability Analysis
CVE-2023-48720 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2023-48720 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2023-48720
Want to know whenever a new CVE is published for PHPGurukul Student Result Management System? stack.watch will email you.
Affected Versions
Projectworlds Pvt. Limited Student Result Management System Version 1.0 is affected by CVE-2023-48720Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.