drew-byte/Web-Based-Internet-Laboratory-Management-System_SQLi-PoC

This flaw allows attackers to perform time-based inference attacks to extract database content, including usernames and password hashes, ultimately leading to full compromise of authentication credentials.

CVE History

CVSS v3: 7.3 HIGH
CVSS v2: 7.5 HIGH

A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. The affected function is User::AuthenticateUser in the file login.php. Manipulating the argument user_email results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be used.
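
One way to look for the time-based probing of user_email described above in request logs. This is an added example, not code from the PoC repository or the affected project. The log format (an rt request-time field and a logged user_email value), the sample lines and the 3-second threshold are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines; format is assumed: ip, method, path, rt=<seconds>, user_email=<url-encoded>
SAMPLE_LOG = """\
10.0.0.5 POST /login.php rt=0.041 user_email=alice%40example.com
10.0.0.9 POST /login.php rt=5.013 user_email=x%27+AND+SLEEP%285%29--+
10.0.0.9 POST /login.php rt=0.038 user_email=x%27+AND+SLEEP%285%29--+
10.0.0.6 POST /login.php rt=0.040 user_email=o%27brien
10.0.0.7 POST /index.php rt=6.200 user_email=bob%40example.com
10.0.0.8 POST /login.php rt=5.500 user_email=carol%40example.com
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) POST (?P<path>\S+) rt=(?P<rt>[\d.]+) user_email=(?P<email>\S*)$"
)
# Delay primitives of common SQL engines; their presence in an email field is never legitimate.
DELAY_RE = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)
# Strict allow-list for what the field should contain.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def classify(line, slow_seconds=3.0):
    """Return (ip, verdict) for a suspicious login.php request, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["path"] != "/login.php":
        return None
    value = unquote_plus(m["email"])
    slow = float(m["rt"]) >= slow_seconds
    if DELAY_RE.search(value):
        # A slow response means the delay ran server-side, so the input reached the query.
        return (m["ip"], "delay-executed" if slow else "delay-attempt")
    if not EMAIL_RE.match(value):
        return (m["ip"], "malformed-email")
    return None  # well-formed email; slowness alone is not evidence


def scan(log_text):
    """Classify every line and keep only the hits, in log order."""
    return [hit for line in log_text.splitlines() if (hit := classify(line))]


if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

A "delay-executed" hit is the one to escalate, since it shows the value was interpreted as SQL rather than rejected or bound as a parameter.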