SourceCodester Automatic Question Paper Generator System 1.0 GET Parameter view_class.php id SQL injection
A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. It affects unknown code in the file admin/courses/view_class.php of the component GET Parameter Handler. Manipulating the argument id leads to SQL injection. Under CWE, the problem is classified as CWE-89. The weakness was published on 03/23/2023 and is tracked as CVE-2023-1592. The attack can be initiated remotely. Technical details are available, and an exploit is available as well; it is declared as proof-of-concept. The current price for an exploit might be approx. USD $0-$5k at the moment. As a 0-day, the estimated underground price was around $0-$5k. The MITRE ATT&CK project declares the attack technique as T1505. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.