Authenticated SQL Injection in Student Information System v1.0 via 'coursecode' parameter in marks.php

CVE-2023-5010 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource is not validated: the characters it receives are sent unfiltered to the database.
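The fix for this class of flaw is to validate the parameter against an allow-list and pass it to the database as a bound parameter. The sketch below is an added example, not the application's own code: the `marks` table, its columns, the course-code format and the function names are assumptions, and an in-memory SQLite database stands in for the real back end.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the marks.php lookup; schema and names are assumptions.

/** Allow-list check: accept only short alphanumeric course codes (assumed format). */
function validCourseCode(string $code): bool
{
    return preg_match('/\A[A-Za-z0-9]{2,12}\z/', $code) === 1;
}

/** Fetch marks with the course code passed as a bound parameter, never concatenated. */
function fetchMarks(PDO $db, string $courseCode): array
{
    if (!validCourseCode($courseCode)) {
        throw new InvalidArgumentException('invalid course code');
    }
    // Weak pattern this replaces: building the WHERE clause by string concatenation.
    $stmt = $db->prepare('SELECT student_id, mark FROM marks WHERE coursecode = :code');
    $stmt->execute([':code' => $courseCode]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE marks (student_id INTEGER, coursecode TEXT, mark INTEGER)');
$db->exec("INSERT INTO marks VALUES (1, 'CS101', 78), (2, 'CS101', 91), (3, 'MA201', 64)");

// Constructed inputs: one well-formed code, one containing a quote character.
foreach (['CS101', "CS'101"] as $input) {
    try {
        $rows = fetchMarks($db, $input);
        printf("%s -> %d row(s)\n", json_encode($input), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected (%s)\n", json_encode($input), $e->getMessage());
    }
}
```

The bound parameter is the control that prevents injection; the allow-list check is defence in depth and gives a clean place to log rejected input.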
