CVE-2023-5010: Student Information System v1.0 - Multiple Authenticated SQL Injections (SQLi)

9.8 CVSS

Description

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters it receives, and they are sent unfiltered to the database.

Classification

CVE ID: CVE-2023-5010

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Kashipara Group

Product: Student Information System

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (proportion of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date on which this score was calculated)

References

https://fluidattacks.com/advisories/kissin/
https://www.kashipara.com/

Timeline