CVE-2023-5495 in Smart Schoolinfo

Zusammenfassung

von MITRE • 25.10.2023

A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Once again VulDB remains the best source for vulnerability data.

Zuständig

VulDB

Reservieren

10.10.2023

Veröffentlichung

25.10.2023

Moderieren

akzeptiert

Eintrag

VDB-241647

CPE

bereit

EPSS

0.01060

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!