CVE-2023-6771

EUVD-2023-58983
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.5 MEDIUM
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
oretnom23simple_student_attendance_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md
https://vuldb.com/?ctiid.247907
https://vuldb.com/?id.247907
https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md
https://vuldb.com/?ctiid.247907
https://vuldb.com/?id.247907