CVE-2023-39551

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-39551
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md Exploit Third Party Advisory
https://www.chtsecurity.com/news/0dbe8e1d-0a6c-4604-9cf1-778ddc86a8c1 Third Party Advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-39551 Third Party Advisory US Government Resource
https://www.chtsecurity.com/news/285b9375-ba65-4f61-a02a-a575337dc86c Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:online_security_guards_hiring_system:1.0:*:*:*:*:*:*:*
History

28 Dec 2023, 14:38

Type Values Removed Values Added
References (MISC) https://www.chtsecurity.com/news/0dbe8e1d-0a6c-4604-9cf1-778ddc86a8c1 - (MISC) https://www.chtsecurity.com/news/0dbe8e1d-0a6c-4604-9cf1-778ddc86a8c1 - Third Party Advisory
References (MISC) https://www.chtsecurity.com/news/285b9375-ba65-4f61-a02a-a575337dc86c - (MISC) https://www.chtsecurity.com/news/285b9375-ba65-4f61-a02a-a575337dc86c - Third Party Advisory
References (MISC) https://nvd.nist.gov/vuln/detail/CVE-2023-39551 - (MISC) https://nvd.nist.gov/vuln/detail/CVE-2023-39551 - Third Party Advisory, US Government Resource

14 Nov 2023, 22:21

Type Values Removed Values Added
First Time Phpgurukul online Security Guards Hiring System
Phpgurukul
References
  • (MISC) https://www.chtsecurity.com/news/0dbe8e1d-0a6c-4604-9cf1-778ddc86a8c1 -
  • (MISC) https://www.chtsecurity.com/news/285b9375-ba65-4f61-a02a-a575337dc86c -
  • (MISC) https://nvd.nist.gov/vuln/detail/CVE-2023-39551 -
CPE cpe:2.3:a:online_security_guards_hiring_system_project:online_security_guards_hiring_system:1.0:*:*:*:*:*:*:* cpe:2.3:a:phpgurukul:online_security_guards_hiring_system:1.0:*:*:*:*:*:*:*

08 Aug 2023, 17:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:online_security_guards_hiring_system_project:online_security_guards_hiring_system:1.0:*:*:*:*:*:*:*
References (MISC) https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md - (MISC) https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/Online%20Security%20Guards%20Hiring%20System%201.0.md - Exploit, Third Party Advisory
First Time Online Security Guards Hiring System Project
Online Security Guards Hiring System Project online Security Guards Hiring System
CWE CWE-89

04 Aug 2023, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-04 19:15

Updated : 2023-12-28 14:38

NVD link : CVE-2023-39551

Mitre link : CVE-2023-39551

JSON object : View

Products Affected

phpgurukul

  • online_security_guards_hiring_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')