CVE-2023-1909
MEDIUMPHPGurukul BP Monitoring Management System 1.0 - SQL Injection
Title source: llmDescription
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.225318
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.225318
Exploit, Third Party Advisory exploit
https://github.com/vsdwef/BP-Monitoring-Management-System/blob/main/report_English.pdf
Scores
CVSS v3
4.7
EPSS
0.0027
EPSS Percentile
50.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-89
Status
published
Products (1)
phpgurukul/bp_monitoring_management_system
1.0
Published
Apr 07, 2023
Tracked Since
Feb 18, 2026