Public reference for CVE-2023-41520

CVE-2023-41520 - SQL Injection in Student Attendance Management System v1

Description

Student Attendance Management System v1 contains multiple SQL injection vulnerabilities in the createClassArms.php file. The vulnerable parameters are classId and classArmName. An attacker can exploit these flaws remotely to manipulate SQL queries, which may result in unauthorized data access or arbitrary code execution.

Vulnerability Type

SQL Injection

Affected Product

Attack Details

  • Attack Type: Remote
  • Attack Vectors: classId, classArmName parameters
  • Impact:
    • Code Execution (through SQL manipulation)
    • Information Disclosure

References

Discoverer

Chaima EL BAHRAOUI
