CVE-2023-5278

🗓️ 29 Sep 2023 17:31:05Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 124 Views🌐 WEB

Vulnerability in SourceCodester Engineers Online Portal 1.0 allows remote SQL injection via the login.php file (CVE-2023-5278

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-5278	29 Sep 202322:37	–	circl
CNNVD	Engineers Online Portal SQL Injection Vulnerability	29 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-5278 SourceCodester Engineers Online Portal login.php sql injection	29 Sep 202317:31	–	cvelist
EUVD	EUVD-2023-57602	3 Oct 202520:07	–	euvd
NVD	CVE-2023-5278	29 Sep 202318:15	–	nvd
OSV	CVE-2023-5278	29 Sep 202318:15	–	osv
Prion	Sql injection	29 Sep 202318:15	–	prion
Positive Technologies	PT-2023-31999 · Unknown · Sourcecodester Engineers Online Portal	29 Sep 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-5278 SourceCodester Engineers Online Portal login.php sql injection	29 Sep 202317:31	–	vulnrichment

NVD

Vulners

Vulnrichment

Node

engineers_online_portal_project engineers_online_portalMatch1.0

[
  {
    "vendor": "SourceCodester",
    "product": "Engineers Online Portal",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20login.php%20has%20Sqlinjection.pdf
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
username	request body	login.php	SQL injection via login parameters (username/password) in login.php allows remote attacker to manipulate queries.	CWE-89
password	request body	login.php	SQL injection via login parameters (username/password) in login.php allows remote attacker to manipulate queries.	CWE-89

17 Jun 2026 06:48Current

7.4High risk

Vulners AI Score7.4

CVSS 3.16.3 - 9.8

CVSS 26.5

CVSS 36.3

EPSS0.00738

SSVC

CWE-89