CVE-2023-46024

HIGH

phpgurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via searchdata Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46024. PoCs published by Ersin Erenler.

AI-analyzed exploit summary: The exploit demonstrates a SQL injection vulnerability in Teacher Subject Allocation Management System 1.0 via the 'searchdata' parameter in index.php. It includes SQLMap commands to exploit the vulnerability, confirming multiple SQLi techniques such as boolean-based blind, error-based, and time-based blind attacks.

Description

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.

Exploits (1)

exploitdb WORKING POC
by Ersin Erenler · text · webapps · php
https://www.exploit-db.com/exploits/51914

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Teacher Subject Allocation Management System 1.0
No auth needed
Prerequisites: Access to the vulnerable web application · SQLMap or similar SQLi tool
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.5
EPSS 0.0211
EPSS Percentile 84.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-89
Status published
Products (1)
phpgurukul/teacher_subject_allocation_management_system 1.0
Published Nov 14, 2023
Tracked Since Feb 18, 2026