CVE-2023-5010: Student Information System v1.0 - Multiple Authenticated SQL Injections (SQLi)
First published: Wed Dec 20 2023(Updated: )
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Student Information System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-5010?
CVE-2023-5010 is classified as a critical vulnerability due to its potential to allow attackers to execute arbitrary SQL commands.
How do I fix CVE-2023-5010?
To fix CVE-2023-5010, ensure input validation is implemented on the 'coursecode' parameter to prevent SQL injection attacks.
Which version of the Student Information System is affected by CVE-2023-5010?
CVE-2023-5010 affects version 1.0 of the Student Information System.
What type of vulnerability is CVE-2023-5010?
CVE-2023-5010 is an authenticated SQL injection vulnerability that can lead to unauthorized data access and manipulation.
Where can I find more information about CVE-2023-5010?
Further details on CVE-2023-5010 can usually be found in security advisories provided by the software vendor or security organizations.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/kashipara
- canonical/student information system
- version/student information system/1.0