CVE-2024-58276

Sažetak

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames and passwords.

Reference

https://github.com/Obi08/Enrollment_System
https://www.exploit-db.com/exploits/51845
https://www.vulncheck.com/advisories/obi08-enrollment-system-10-loginphp-sql-injection

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

04-12-2025 - 21:16

Objavljeno

04-12-2025 - 21:16