Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-46024

CWE-89 — SQL Injection4 documents4 sources

Severity

7.5HIGH

EPSS

2.4%

top 14.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpgurukul Teacher Subject Allocation Management System

Timeline

PublishedNov 14

Latest updateMar 20

Description

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDphpgurukul/teacher_subject_allocation_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-jmvp-x9cx-79mx: SQL Injection vulnerability in index↗2023-11-15

▶

CVEList

CVE-2023-46024: SQL Injection vulnerability in index↗2023-11-14

▶

💥Exploits & PoCs

Exploit-DB

Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi↗2024-03-20

▶