We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-5495

QDocs Smart School HTTP POST Request sql injection



Description

EN DE

A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Reserved 2023-10-10 | Published 2023-10-10 | Updated 2025-02-13 | Assigner VulDB


MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P

Problem types

CWE-89 SQL Injection

Product status

6.4.1
affected

Timeline

2023-10-10:Advisory disclosed
2023-10-10:VulDB entry created
2023-10-10:VulDB last update

Credits

skalvin (VulDB User) analyst

References

vuldb.com/?id.241647 vdb-entry technical-description

vuldb.com/?ctiid.241647 signature permissions-required

packetstormsecurity.com/...t-School-6.4.1-SQL-Injection.html

cve.org (CVE-2023-5495)

nvd.nist.gov (CVE-2023-5495)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-5495

Support options

Helpdesk Chat, Email, Knowledgebase
MonTueWedThuFriSatSun
242526272812345678910111213141516171819202122232425262728293031123456
MonTueWedThuFriSatSun
242526272812345678910111213141516171819202122232425262728293031123456