CVE-2023-48716 – Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

https://notcve.org/view.php?id=CVE-2023-48716

21 Dec 2023 — Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. Student Result Management System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'class_id' del recurso add_classes.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. Student Res... • https://fluidattacks.com/advisories/gilels • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •