{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5008","assignerOrgId":"84fe0718-d6bb-4716-a7e8-81a6d1daa869","state":"PUBLISHED","assignerShortName":"Fluid Attacks","dateReserved":"2023-09-15T22:26:16.954Z","datePublished":"2023-12-07T23:16:52.700Z","dateUpdated":"2024-10-09T13:57:21.829Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Student Information System","vendor":"Kashipara Group","versions":[{"status":"affected","version":"1.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control."}],"value":"Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"84fe0718-d6bb-4716-a7e8-81a6d1daa869","shortName":"Fluid Attacks","dateUpdated":"2023-12-07T23:16:52.700Z"},"references":[{"tags":["third-party-advisory"],"url":"https://fluidattacks.com/advisories/blechacz/"},{"tags":["product"],"url":"https://www.kashipara.com/"}],"source":{"discovery":"UNKNOWN"},"title":"Student Information System v1.0 - Unauthenticated SQL Injection","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:44:53.786Z"},"title":"CVE Program Container","references":[{"tags":["third-party-advisory","x_transferred"],"url":"https://fluidattacks.com/advisories/blechacz/"},{"tags":["product","x_transferred"],"url":"https://www.kashipara.com/"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-09T13:56:36.800090Z","id":"CVE-2023-5008","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-09T13:57:21.829Z"}}]}}