CVE-2023-5495
Published: 2023-10-10
Priority: P261 | critical | 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 1.06% (60.3th percentile)
A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qdocs | smart_school | — | — |
Detection & IOCs (extracted from sources)
- command: `searchdata%5B0%5D%5Btitle%5D=rating&searchdata%5B0%5D%5Bsearchfield%5D=sleep(5)%23&searchdata%5B0%5D%5Bsearchvalue%5D=3`
- command: `searchdata[0][title]=Price&searchdata[0][searchfield]=1 or sleep(5)#&searchdata[0][searchvalue]=free&searchdata[1][title]=Sales&searchdata[1][searchfield]=sales&searchdata[1][searchvalue]=low`
- command: `searchdata[0][title]=Price&searchdata[0][searchfield]=1 or sleep(5)#&searchdata[0][searchvalue]=free&searchdata[1][title]=Sales'XOR(SELECT(0)FROM(SELECT(SLEEP(5)))a)XOR'Z&searchdata[1][searchfield]=sales&searchdata[1][searchvalue]=low`
- command: `searchdata[0][title]=Price&searchdata[0][searchfield]=1 or sleep(5)#&searchdata[0][searchvalue]=free&searchdata[1][title]=Sales&searchdata[1][searchfield]=sales&searchdata[1][searchvalue]=low'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z`
- Monitor HTTP POST requests to /course/filterRecords/ for SQL injection patterns in the searchdata[0][title], searchdata[0][searchfield], and searchdata[0][searchvalue] parameters, particularly time-based blind SQLi payloads using SLEEP().
- Monitor HTTP POST requests to /online_admission for SQL injection in the multipart email field, specifically XOR-based SLEEP payloads indicating time-based blind SQLi.
- Detect time-based blind SQL injection technique targeting MySQL >= 5.0.12 via SLEEP() and XOR(SELECT(0)FROM(SELECT(SLEEP(N)))a)XOR patterns in POST body parameters.
- Flag POST requests to /course/filterRecords/ where searchdata parameters contain URL-encoded SQL metacharacters such as sleep(5)%23 (i.e., sleep(5)#).
- The vulnerability affects QDocs Smart School version 6.4.1 specifically; the vendor did not respond to disclosure and no patch is confirmed available.
- The exploit was tested on Windows 10 Pro; behavior on other OS deployments of Smart School 6.4.1 may vary.
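
One way to implement the /course/filterRecords/ monitoring described in the notes above, as an added example that is not taken from the advisory or the vendor. It assumes request records are available as (method, path, body) tuples from a proxy or WAF log; the function names and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Endpoint and parameter names come from the advisory text.
WATCHED_ENDPOINT = "/course/filterRecords"
PARAM_RE = re.compile(r"^searchdata\[\d+\]\[(title|searchfield|searchvalue)\]$")

# Time-based blind SQLi markers named in the detection notes.
MARKERS = {
    "sleep_call": re.compile(r"\bsleep\s*\(\s*\d+\s*\)", re.IGNORECASE),
    "xor_subselect": re.compile(r"xor\s*\(\s*select\b", re.IGNORECASE),
}

def inspect_request(method, path, body):
    """Return sorted (parameter, marker) findings for one logged request."""
    endpoint = path.split("?", 1)[0].rstrip("/")
    if method.upper() != "POST" or not endpoint.endswith(WATCHED_ENDPOINT):
        return []
    findings = set()
    # parse_qsl percent-decodes names and values, so sleep(5)%23 becomes sleep(5)#
    for name, value in parse_qsl(body, keep_blank_values=True):
        if PARAM_RE.match(name):
            findings.update((name, m) for m, rx in MARKERS.items() if rx.search(value))
    return sorted(findings)

def scan(records):
    """Return {record index: findings} for the records that match."""
    hits = {}
    for i, (method, path, body) in enumerate(records):
        found = inspect_request(method, path, body)
        if found:
            hits[i] = found
    return hits

# Constructed sample records; the first body is the one quoted in the IOC list.
SAMPLE_RECORDS = [
    ("POST", "/course/filterRecords/",
     "searchdata%5B0%5D%5Btitle%5D=rating&searchdata%5B0%5D%5Bsearchfield%5D=sleep(5)%23"
     "&searchdata%5B0%5D%5Bsearchvalue%5D=3"),
    ("POST", "/course/filterRecords/",
     "searchdata[0][title]=Price&searchdata[0][searchfield]=price&searchdata[0][searchvalue]=free"),
    ("POST", "/course/filterRecords/",
     "searchdata[0][title]=Sales&searchdata[0][searchfield]=sales"
     "&searchdata[0][searchvalue]=low'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z"),
    ("GET", "/course/filterRecords/", ""),
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_RECORDS).items():
        print(idx, found)
```

Matching is done on the decoded parameter values, so the percent-encoded and raw forms of the same payload produce the same finding.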
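CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |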