CVE-2022-42021 Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=

A hacker can inject malicious code in the input of the notice-details.php?nid= parameter to execute arbitrary SQL commands.

1.1.7 - Inadequate Restriction of Administrator User

The Best Student Result Management System v1.0 has Inadequate restriction of administrator user. An attacker can easily bypass the restriction and obtain high privileged access by changing the email address and password. An attacker can then install virus, spyware, etc. to steal sensitive information from the user or to carry out cyber-attacks against the user.

1.2 - Insecure Direct Redirection / Insecure Redirection

Redirection URL is a link that takes you to another URL. In redirection, the target URL of the link does not match with the original one. Direct redirection is when the URL of the link matches with the URL of the target. In insecure redirection, the target URL does not match with the URL of the link.

Insecure Direct Redirection

1.1.8 - Inadequate Restriction of Administrator User

The Best Student Result Management System v1.0 has Inadequate restriction of administrator user. An attacker can easily bypass the restriction and obtain high privileged access by changing the email address and password. An attacker can then install virus, spyware, etc. to steal sensitive information from the user or to carry out cyber-attacks against the user.

1.2.1 - Insecure Direct Redirection

The Best Student Result Management System v1.0 has Insecure Direct Redirection. The target URL of the link does not match with the original one. An attacker can take advantage of this vulnerability to visit a malicious website and steal sensitive information from the user or carry out cyber-attacks against the user.

Timeline

Published on: 10/20/2022 14:15:00 UTC
Last modified on: 10/21/2022 18:10:00 UTC

References