CVE-2021-28423

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
1.7%
top 17.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Teachers Record Management System
Timeline
PublishedJul 1
Latest updateMay 24

Description

Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-w463-hpv4-95pw: Multiple SQL Injection vulnerabilities in Teachers Record Management System 12022-05-24
CVEList
CVE-2021-28423: Multiple SQL Injection vulnerabilities in Teachers Record Management System 12021-07-01
CVE-2021-28423 (HIGH CVSS 8.8) | Multiple SQL Injection vulnerabilit | cvebase.io