VDB
CVE-2023-5281
CVE-2023-5281
PUBLISHED
CVSS 6.300000190734863 MEDIUM
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240909 was assigned to this vulnerability.
EPSS 0.05% · 16.6th percentile
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.05%
16.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| engineers_online_portal_project | engineers_online_portal | 1.0, 1.0 |
| SourceCodester | Engineers Online Portal | 1.0, 1.0 |
Exploit Intelligence
Timeline
- Sep 29, 2023 CVE Published
- Sep 29, 2023 PoC Published
- Sep 30, 2023 EPSS Score
- Nov 1, 2023 EPSS Score
- Dec 3, 2023 EPSS Score
- Jan 3, 2024 EPSS Score
- Feb 4, 2024 EPSS Score
- Mar 7, 2024 EPSS Score
- Apr 8, 2024 EPSS Score
- May 10, 2024 EPSS Score
- Jun 10, 2024 EPSS Score
- Jul 12, 2024 EPSS Score
References
- https://vuldb.com/?id.240909 vdb
- https://vuldb.com/?ctiid.240909 url
- https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20remove_inbox_message.php%20has%20Sqlinjection.pdf exploit
- https://www.suse.com/support/update/announcement/2024/suse-su-20242362-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242372-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242381-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242358-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242396-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242351-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242376-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242385-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242369-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242335-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242394-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242344-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242384-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242338-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242343-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242326-1 advisory
- https://www.suse.com/support/update/announcement/2024/suse-su-20242411-1 advisory
…and 30 more