CVE-2023-5007 HIGH

CVE-2023-5007: Student Information System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Vendor Kashipara Group

Product Student Information System

Weakness CWE-89 · SQLi

Published December 20, 2023

Last update May 19, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.

Key dates

02Disclosure timeline

December 20, 2023 CVE published

May 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5007

Related vulnerabilities

04Related CVE

CVE-2023-6074 PHPGurukul Restaurant Table Booking System Booking Reservation check-status.php sql injection CVE-2024-11729 KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection CVE-2023-0979 SQLi in MedDataPACS CVE-2025-10599 itsourcecode Web-Based Internet Laboratory Management System login.php AuthenticateUser sql injection CVE-2025-9511 itsourcecode Apartment Management System addvisitor.php sql injection