CVE-2023-6653 MEDIUM

CVE-2023-6653: PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery

Vendor Phpgurukul
Product Teacher Subject Allocation Management System
Weakness CWE-352 · CSRF
Published December 10, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

December 10, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-3372 Cross-Site Request Forgery (CSRF) in Riello UPS Netman-204 CVE-2020-7336 Network Security Management (NSM) - Cross Site Request Forgery vulnerability CVE-2024-37426 WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-31807 WordPress Product Notices for WooCommerce plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability CVE-2022-45807 WordPress WP Mail Log Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)