CVE-2023-44480: Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)
First published: Fri Oct 27 2023(Updated: )
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Leave Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the Leave Management System Project?
The vulnerability ID of the Leave Management System Project is CVE-2023-44480.
What is the severity of CVE-2023-44480?
The severity of CVE-2023-44480 is critical with a severity value of 9.8.
What is the affected software in CVE-2023-44480?
The affected software in CVE-2023-44480 is Projectworlds Leave Management System v1.0.
What is the CWE of CVE-2023-44480?
The CWE of CVE-2023-44480 is CWE-89 (SQL Injection).
How can I fix the SQL Injection vulnerability in the Leave Management System Project?
To fix the SQL Injection vulnerability, ensure that the 'setcasualleave' parameter of the admin/setleaves.php resource properly validates and filters characters before sending them to the database.
- collector/nvd-api
- agent/title
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/projectworlds
- canonical/projectworlds leave management system
- version/projectworlds leave management system/1.0