A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?id.247907 | Third Party Advisory VDB Entry |
| https://vuldb.com/?ctiid.247907 | Permissions Required Third Party Advisory VDB Entry |
| https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md | Third Party Advisory |
Configurations
History
18 Dec 2023, 18:57
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:* | |
| First Time |
Oretnom23
Oretnom23 simple Student Attendance System |
|
| References | () https://vuldb.com/?ctiid.247907 - Permissions Required, Third Party Advisory, VDB Entry | |
| References | () https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md - Third Party Advisory | |
| References | () https://vuldb.com/?id.247907 - Third Party Advisory, VDB Entry |
13 Dec 2023, 19:54
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-13 19:15
Updated : 2024-05-17 02:33
NVD link : CVE-2023-6771
Mitre link : CVE-2023-6771
JSON object : View
Products Affected
oretnom23
- simple_student_attendance_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')