Sql injection

2023-12-2121:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

student result management system

unauthenticated

vulnerability

add_classes.php

character validation

database

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

33.1%

JSON

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘class_id’ parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.

CPENameOperatorVersion
student_result_management_systemeq1.0

CPE	Name	Operator	Version
	student_result_management_system	eq	1.0

References

fluidattacks.com/advisories/gilels/

projectworlds.in/