Lucene search

MitreCVE-2023-46025

HistoryNov 14, 2023 - 10:15 p.m.

CVE-2023-46025

2023-11-1422:15:30

CWE-89

mitre

web.nvd.nist.gov

cve-2023-46025

sql injection

phpgurukul

teacher subject allocation management system

information security

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the ‘editid’ parameter.

Affected configurations

Nvd

Node

phpgurukulteacher_subject_allocation_management_systemMatch1.0

VendorProductVersionCPE
phpgurukulteacher_subject_allocation_management_system1.0cpe:2.3:a:phpgurukul:teacher_subject_allocation_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpgurukul	teacher_subject_allocation_management_system	1.0	cpe:2.3:a:phpgurukul:teacher_subject_allocation_management_system:1.0:::::::*

References

github.com/ersinerenler/phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/blob/main/CVE-2023-46025-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

Related for CVE-2023-46025