CVE-2023-5008

{"id": "CVE-2023-5008", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "help@fluidattacks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-12-08T00:15:07.597", "references": [{"url": "https://fluidattacks.com/advisories/blechacz/", "tags": ["Exploit", "Third Party Advisory"], "source": "help@fluidattacks.com"}, {"url": "https://www.kashipara.com/", "tags": ["Product"], "source": "help@fluidattacks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "help@fluidattacks.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control."}, {"lang": "es", "value": "Student Information System v1.0 es afectado por una vulnerabilidad de inyecci\u00f3n SQL no autenticada en el par\u00e1metro 'regno' de la p\u00e1gina index.php, lo que permite a un atacante externo volcar todo el contenido de la base de datos y evitar el control de inicio de sesi\u00f3n."}], "lastModified": "2023-12-11T17:47:39.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imsurajghosh:student_information_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F523085-89EA-4377-9799-9A0BB43C342D"}], "operator": "OR"}]}], "sourceIdentifier": "help@fluidattacks.com"}