CVE-2023-6653
PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.
Se encontró una vulnerabilidad en PHPGurukul Teacher Subject Allocation Management System 1.0. Ha sido calificada como problemática. Una función desconocida del archivo /admin/subject.php del componente Create a new Subject es afectada por esta vulnerabilidad. La manipulación del argumento cid conduce a cross-site request forgery. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-247346 es el identificador asignado a esta vulnerabilidad.
Eine problematische Schwachstelle wurde in PHPGurukul Teacher Subject Allocation Management System 1.0 ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /admin/subject.php der Komponente Create a new Subject. Dank der Manipulation des Arguments cid mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-09 CVE Reserved
- 2023-12-10 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_add_sub.md | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phpgurukul Search vendor "Phpgurukul" | Teacher Subject Allocation Management System Search vendor "Phpgurukul" for product "Teacher Subject Allocation Management System" | 1.0 Search vendor "Phpgurukul" for product "Teacher Subject Allocation Management System" and version "1.0" | - |
Affected
| ||||||