CVE-2023-6658

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 10, 2023

Updated: May 17, 2024

CWE ID 89

Summary

CVE-2023-6656: A critical sql injection vulnerability has been identified in the Simple Student Attendance System 1.0 developed by SourceCodester. The issue is located in the file ajax-api.php?action=save_attendance, where an argument named class_id is susceptible to manipulation. This exploit, with identifier VDB-247366, can lead to unauthorized SQL queries, putting the system's data at risk. The vulnerability has been disclosed to the public, potentially enabling malicious actors to exploit it.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/twTmwc
https://www.cve.org/CVERecord?id=CVE-2023-6658
https://nvd.nist.gov/vuln/detail/CVE-2023-6658

Back to Vulnerability Database

CVE-2023-6658

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations