CVE-2023-1466 MEDIUM

CVE-2023-1466: SourceCodester Student Study Center Desk Management System view_student sql injection

Vendor Sourcecodester
Product Student Study Center Desk Management System
Weakness CWE-89 · SQLi
Published March 17, 2023
Last update February 26, 2025
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(SLEEP(5)))FWlC) AND 'butz'='butz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223325 was assigned to this vulnerability.

Key dates

02Disclosure timeline

March 17, 2023 CVE published
February 26, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-8275 The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection CVE-2026-2689 itsourcecode Event Management System manage_booking.php sql injection CVE-2025-54058 WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarEndereco.php Endpoint CVE-2024-11956 Pimcore customer-data-framework list sql injection CVE-2025-14193 code-projects Employee Profile Management System view_personnel.php sql injection