CVE-2023-5495
QDocs Smart School HTTP POST Request sql injection
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
QDocs Smart School HTTP POST Request sql injection
| Assigner | VulDB |
| Reserved | 2023-10-10 |
| Published | 2023-10-10 |
| Updated | 2024-08-02 |
A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Es wurde eine Schwachstelle in QDocs Smart School 6.4.1 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /course/filterRecords/ der Komponente HTTP POST Request Handler. Durch Beeinflussen des Arguments searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren.
| CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | |
| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | |
| CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P |
| 2023-10-10: | Advisory disclosed |
| 2023-10-10: | VulDB entry created |
| 2023-10-10: | VulDB last update |
skalvin (VulDB User)
https://vuldb.com/?id.241647
https://vuldb.com/?ctiid.241647
http://packetstormsecurity.com/files/175071/Smart-School-6.4.1-SQL-Injection.html
