Lucene search

[email protected]NVD:CVE-2023-40946

HistorySep 11, 2023 - 8:15 p.m.

CVE-2023-40946

2023-09-1120:15:10

CWE-89

[email protected]

web.nvd.nist.gov

schoolmate 1.3

sql injection

vulnerability

validatelogin.php

session

username

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.

Affected configurations

Nvd

Node

schoolmate_projectschoolmateMatch1.3

VendorProductVersionCPE
schoolmate_projectschoolmate1.3cpe:2.3:a:schoolmate_project:schoolmate:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schoolmate_project	schoolmate	1.3	cpe:2.3:a:schoolmate_project:schoolmate:1.3:::::::*

References

github.com/KLSEHB/vulnerability-report/blob/main/Schoolmate_CVE-2023-40946

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

Related for NVD:CVE-2023-40946

prion1 cvelist1 cve1