A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?id.227641 | Third Party Advisory |
| https://vuldb.com/?ctiid.227641 | Third Party Advisory |
| https://github.com/oV201/cve_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md | Exploit |
Configurations
Configuration 1 (hide)
|
History
04 May 2023, 18:55
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| First Time |
Faculty Evaluation System Project faculty Evaluation System
Faculty Evaluation System Project |
|
| CPE | cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:* | |
| References | (MISC) https://vuldb.com/?ctiid.227641 - Third Party Advisory | |
| References | (MISC) https://vuldb.com/?id.227641 - Third Party Advisory | |
| References | (MISC) https://github.com/oV201/cve_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md - Exploit |
28 Apr 2023, 12:58
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-28 12:15
Updated : 2024-05-17 02:22
NVD link : CVE-2023-2365
Mitre link : CVE-2023-2365
JSON object : View
Products Affected
faculty_evaluation_system_project
- faculty_evaluation_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')