CVE-2023-7110: code-projects Library Management System login.php sql injection
First published: Tue Dec 26 2023(Updated: )
A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249005 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fabianros Library Management System | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-7110?
CVE-2023-7110 is classified as a critical vulnerability.
How does CVE-2023-7110 affect the Library Management System?
CVE-2023-7110 allows for SQL injection through the manipulation of the student argument in the login.php file.
Can CVE-2023-7110 be exploited remotely?
Yes, CVE-2023-7110 can be exploited remotely.
What are the potential impacts of CVE-2023-7110?
Successful exploitation of CVE-2023-7110 could lead to unauthorized access to sensitive data.
How do I mitigate CVE-2023-7110 in my application?
To mitigate CVE-2023-7110, implement input validation and prepared statements to prevent SQL injection.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/title
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/fabianros
- canonical/fabianros library management system
- version/fabianros library management system/2.0