Vulnerability Details : CVE-2023-6618
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255.
Vulnerability category: File inclusion
Products affected by CVE-2023-6618
- cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6618
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6618
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.2
|
MEDIUM | AV:A/AC:L/Au:S/C:P/I:P/A:P |
5.1
|
6.4
|
VulDB | |
5.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
2.1
|
3.4
|
VulDB | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2023-6618
-
The product allows user input to control or influence paths or file names that are used in filesystem operations.Assigned by: cna@vuldb.com (Secondary)
-
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-6618
-
https://vuldb.com/?id.247255
CVE-2023-6618: SourceCodester Simple Student Attendance System index.php file inclusionThird Party Advisory
-
https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc
Simple Student Attendance System has file inclusion vulnerabilitiesThird Party Advisory
-
https://vuldb.com/?ctiid.247255
CVE-2023-6618: SourceCodester Simple Student Attendance System index.php file inclusionPermissions Required;Third Party Advisory
Jump to