SourceCodester Automatic Question Paper Generator System 1.0 GET Parameter view_class.php id sql injection

A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was published 03/23/2023. This vulnerability was named CVE-2023-1592. The attack can be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1505. It is declared as proof-of-concept. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field03/23/2023 09:4704/13/2023 09:2404/13/2023 09:26
vendorSourceCodesterSourceCodesterSourceCodester
nameAutomatic Question Paper Generator SystemAutomatic Question Paper Generator SystemAutomatic Question Paper Generator System
version1.01.01.0
componentGET Parameter HandlerGET Parameter HandlerGET Parameter Handler
fileadmin/courses/view_class.phpadmin/courses/view_class.phpadmin/courses/view_class.php
argumentididid
cwe89 (sql injection)89 (sql injection)89 (sql injection)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
availability111
cveCVE-2023-1592CVE-2023-1592CVE-2023-1592
responsibleVulDBVulDBVulDB
date1679526000 (03/23/2023)1679526000 (03/23/2023)1679526000 (03/23/2023)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.65.65.6
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore5.75.75.7
cvss3_meta_basescore6.36.37.5
cvss3_meta_tempscore5.75.77.3
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1679526000 (03/23/2023)1679526000 (03/23/2023)
cve_nvd_summaryA vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-223660.A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-223660.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore6.5
cvss3_nvd_basescore9.8
cvss3_cna_basescore6.3

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!