A vulnerability classified as critical has been found in Campcodes Online Thesis Archiving System 1.0. This affects an unknown part of the file /admin/curriculum/view_curriculum.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226269 was assigned to this vulnerability.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?ctiid.226269 | Permissions Required Third Party Advisory |
| https://vuldb.com/?id.226269 | Third Party Advisory |
| https://github.com/E1CHO/cve_hub/blob/main/Online%20Thesis%20Archiving%20System/Online%20Thesis%20Archiving%20System%20-%20vuln%205.pdf | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Apr 2023, 20:17
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Online Thesis Archiving System Project online Thesis Archiving System
Online Thesis Archiving System Project |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:online_thesis_archiving_system_project:online_thesis_archiving_system:1.0:*:*:*:*:*:*:* | |
| References | (MISC) https://github.com/E1CHO/cve_hub/blob/main/Online%20Thesis%20Archiving%20System/Online%20Thesis%20Archiving%20System%20-%20vuln%205.pdf - Exploit, Third Party Advisory | |
| References | (MISC) https://vuldb.com/?ctiid.226269 - Permissions Required, Third Party Advisory | |
| References | (MISC) https://vuldb.com/?id.226269 - Third Party Advisory |
18 Apr 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-18 13:15
Updated : 2024-05-17 02:22
NVD link : CVE-2023-2148
Mitre link : CVE-2023-2148
JSON object : View
Products Affected
online_thesis_archiving_system_project
- online_thesis_archiving_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')