VDB-244327 · CVE-2023-5927 · GCVE-100-244327

Campcodes Simple Student Information System 1.0 manage_course.php ID SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu Campcodes Simple Student Information System 1.0 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii /admin/courses/manage_course.php keessa. Dhugumatti jijjiirraa irratti raawwatame ID gara SQL ଇଞ୍ଜେକ୍ସନ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-89 si geessa. Beekumsi kun yeroo 11/02/2023 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2023-5927 jedhuun tajaajilama. Weerara kana milkeessuuf, qunnamtii networkii naannoo barbaachisa. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 71 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 11/02/2023 02:06 PM	ଅଦ୍ୟତନ 1/2 11/30/2023 09:49 AM	ଅଦ୍ୟତନ 2/2 11/30/2023 09:51 AM
software_vendor	Campcodes	Campcodes	Campcodes
software_name	Simple Student Information System	Simple Student Information System	Simple Student Information System
software_version	1.0	1.0	1.0
software_file	/admin/courses/manage_course.php	/admin/courses/manage_course.php	/admin/courses/manage_course.php
software_argument	id	id	id
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%205.pdf
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%205.pdf
source_cve	CVE-2023-5927	CVE-2023-5927	CVE-2023-5927
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1698879600 (11/02/2023)	1698879600 (11/02/2023)	1698879600 (11/02/2023)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.4	4.4	4.4
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.0	5.0	5.0
cvss3_meta_basescore	5.5	5.5	6.2
cvss3_meta_tempscore	5.0	5.0	6.0
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1698879600 (11/02/2023)	1698879600 (11/02/2023)
cve_nvd_summary		A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327.	A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			N
cvss3_nvd_a			N
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			7.5
cvss3_cna_basescore			5.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!