5 matches found
CVE-2023-4776
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers...
WordPress WPSchoolPress Plugin < 2.2.5 is vulnerable to SQL Injection
Software: WPSchoolPress | Type: Plugin | Vulnerable versions: 2.2.5 | Fixed in: 2.2.5 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2023-4776 | Patch priority: Low | CVSS severity: Low 8.5 | PSID: b8289454825b | Credits: Dao Xuan Hieu | Required privilege: Teacher | Published: 17...
CVE-2023-4776
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers...
CVE-2023-4776 WPSchoolPress < 2.2.5 - Teacher+ SQLi
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers...
CVE-2023-4776
CVE-2023-4776 affects the WordPress plugin WPSchoolPress (School Management System)