CVE-2023-5008: Student Information System v1.0 - Unauthenticated SQL Injection
First published: Thu Dec 07 2023(Updated: )
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Student Information System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-5008?
CVE-2023-5008 is classified as a high-severity vulnerability due to its potential for unauthenticated SQL injection leading to database compromise.
How do I fix CVE-2023-5008?
To fix CVE-2023-5008, validate and sanitize the input for the 'regno' parameter in the index.php file to prevent SQL injection.
What software is affected by CVE-2023-5008?
CVE-2023-5008 affects Student Information System version 1.0.
Can CVE-2023-5008 be exploited remotely?
Yes, CVE-2023-5008 can be exploited remotely, allowing attackers to access the database without authentication.
What potential impact does CVE-2023-5008 have on data security?
The impact of CVE-2023-5008 includes the potential exposure and extraction of sensitive data from the database.
- agent/references
- agent/event
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/imsurajghosh
- canonical/student information system
- version/student information system/1.0