SourceCodester Automatic Question Paper Generator System 1.0 Users.php id/email sql injection
A vulnerability classified as critical has been found in SourceCodester Automatic Question Paper Generator System 1.0. This affects an unknown part of the file classes/Users.php?f=save_ruser. The manipulation of the argument id/email leads to sql injection. The CWE definition for the vulnerability is CWE-89. The weakness was shared 03/23/2023. This vulnerability is uniquely identified as CVE-2023-1591. It is possible to initiate the attack remotely. Technical details are available. Furthermore, there is an exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.