CVE-2023-46024

HIGH

Phpgurukul Teacher Subject Allocation Management System - SQL Injection

Title source: rule

Description

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.

Exploits (1)

exploitdb WORKING POC

by Ersin Erenler · textwebappsphp

https://www.exploit-db.com/exploits/51914

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/ersinerenler/phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/blob/main/CVE-2023-46024-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md

Scores

CVSS v3 7.5

EPSS 0.0242

EPSS Percentile 85.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-89

Status published

Products (1)

phpgurukul/teacher_subject_allocation_management_system 1.0

Published Nov 14, 2023

Tracked Since Feb 18, 2026