Description

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Remediation

References

CVE-2023-28329

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2004-0811)

WordPress Plugin Spider Calendar Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.1)

Atlassian Confluence Incorrect Default Permissions Vulnerability (CVE-2017-9505)

Artifactory Incorrect Authorization Vulnerability (CVE-2021-45074)

Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2020-27223)

Severity

High

Classification

CVE-2023-28329 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities