Description

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Remediation

References

CVE-2023-28329

Related Vulnerabilities

Perl Out-of-bounds Write Vulnerability (CVE-2023-47038)

TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509)

WordPress Plugin Contextual Related Posts Cross-Site Scripting (3.3.0)

WordPress 2.1.1 Cross-Site Scripting Vulnerability (2.1.1)

WordPress Plugin Elementor Website Builder Security Bypass (2.9.5)

Severity

High

Classification

CVE-2023-28329 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities