CVE-2023-39850

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 15, 2023
Updated: Aug 18, 2023
CWE ID 89

Summary

CVE-2023-39850: Schoolmate v1.3 software contains SQL injection vulnerabilities in DeleteFunctions.php. The vulnerabilities are located in the $courseid and $teacherid parameters, allowing unauthorized users to manipulate SQL queries and potentially gain unauthorized access or modify data. This issue poses a serious risk to users who rely on Schoolmate for managing educational data. It is strongly recommended that users update to the latest version of Schoolmate or implement appropriate security measures to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share