CVE-2023-5007: Student Information System v1.0 - Multiple Authenticated SQL Injections (SQLi)
First published: Wed Dec 20 2023(Updated: )
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Student Information System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-5007?
CVE-2023-5007 is classified as a high severity vulnerability due to its potential for exploitation via SQL injection.
How do I fix CVE-2023-5007?
To fix CVE-2023-5007, sanitize and validate the 'id' parameter inputs in the marks.php file to prevent unfiltered data from being sent to the database.
Which software versions are affected by CVE-2023-5007?
CVE-2023-5007 affects version 1.0 of the Kashipara Student Information System.
What types of vulnerabilities are present in CVE-2023-5007?
CVE-2023-5007 contains multiple Authenticated SQL Injection vulnerabilities.
What is the impact of exploiting CVE-2023-5007?
Exploitation of CVE-2023-5007 allows attackers to execute arbitrary SQL queries, potentially leading to data leakage or manipulation.
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/kashipara
- canonical/student information system
- version/student information system/1.0