CVE-2023-50743

CRITICAL

Online Notice Board System 1.0 - Unauthenticated SQL Injection via Registration dd Parameter

Title source: llm
STIX 2.1

Description

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database.

References (2)

Core 2
Core References
Exploit, Third Party Advisory third-party-advisory
https://fluidattacks.com/advisories/perahia/
Product product
https://www.kashipara.com/

Scores

CVSS v3 9.8
EPSS 0.0067
EPSS Percentile 47.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
kashipara/online_notice_board_system 1.0
Published Jan 04, 2024
Tracked Since Feb 18, 2026