来源

关联漏洞

描述

Uniclare Student Portal is an online platform providing students access to academic resources and administrative functions, including grades, course materials, assignment submission, instructor communication, class registration, and personal information management. It streamlines processes and enhances the student experience.

介绍

# CVE-2024-57401: Time-Based SQL Injection in Uniclare Student Portal v2

## Description

A time-based SQL injection vulnerability has been discovered in version 2 of the Uniclare Student Portal. This vulnerability allows an attacker to inject malicious SQL queries into the application, potentially granting unauthorized access to sensitive data, including student records, financial information, and administrative credentials.  This vulnerability can be exploited even with limited privileges.

## Impact

Successful exploitation of this vulnerability could lead to:

* Data Breach: Unauthorized access and exfiltration of sensitive student and institutional data.
* Account Takeover: Compromise of student, faculty, and administrative accounts.
* System Compromise: Potential for further attacks and compromise of the underlying server infrastructure.
* Reputational Damage: Loss of trust in the institution and damage to its reputation.

## Affected Version

Uniclare Student Portal version 2.

## Credits

Vulnerability discovered by sanchit Sahni.

## Contact

*   LinkedIn: https://www.linkedin.com/in/sanchitsahni07/

---

文件快照

 [4.0K]  /data/pocs/c59569f4f06d7f0fb0ccd9ee80298a6959e6662b
├── [1.1K]  README.md
└── [2.9M]  Uniclare Student Portal v2.pdf

0 directories, 2 files

备注