CVE-2023-5495

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 10, 2023

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2023-5495 is a critical vulnerability affecting QDocs Smart School 6.4.1. An unknown component, the HTTP POST Request Handler, is susceptible to SQL injection. The issue arises from manipulation of the searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] arguments. Attacks can be initiated remotely, making this a significant security risk. The identifier for this vulnerability is VDB-241647, and efforts to notify the vendor have been unsuccessful.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s84fxe
https://www.cve.org/CVERecord?id=CVE-2023-5495
https://nvd.nist.gov/vuln/detail/CVE-2023-5495

Back to Vulnerability Database

CVE-2023-5495

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations