CVE-2023-2151

CWE-89SQL InjectionCWE-416Use After Free21 documents5 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 79.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Student Study Center Desk Management SystemOretnom23 Student Study Center Desk Management System
Timeline
PublishedApr 18
Latest updateNov 14

Description

A vulnerability, which was classified as critical, was found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file manage_student.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226272.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Student Study Center Desk Management System manage_student.php sql injection2023-04-18
GHSA
GHSA-3ghf-mqfr-9xvw: A vulnerability, which was classified as critical, was found in SourceCodester Student Study Center Desk Management System 12023-04-18

📋Vendor Advisories

17
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2023-11-14
Microsoft
Chromium: CVE-2023-5850 Incorrect security UI in Downloads2023-11-14
Microsoft
Chromium: CVE-2023-5849 Integer overflow in USB2023-11-14
Microsoft
Chromium: CVE-2023-5853 Incorrect security UI in Downloads2023-11-14
Microsoft
Chromium: CVE-2023-5480 Inappropriate implementation in Payments2023-11-14
CVE-2023-2151 (CRITICAL CVSS 9.8) | A vulnerability | cvebase.io