CVE-2023-5279
MEDIUMEngineers Online Portal 1.0 - SQL Injection via teacher_class_student_id Parameter
Title source: llmDescription
A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240907.
References (3)
Core 3
Core References
Permissions Required, Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.240907
Permissions Required, Third Party Advisory, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.240907
Scores
CVSS v3
6.3
EPSS
0.0068
EPSS Percentile
48.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
engineers_online_portal_project/engineers_online_portal
1.0
Published
Sep 29, 2023
Tracked Since
Feb 18, 2026