# CVE-2024-57401: Time-Based SQL Injection in Uniclare Student Portal v2
## Description
A time-based SQL injection vulnerability has been discovered in version 2 of the Uniclare Student Portal. This vulnerability allows an attacker to inject malicious SQL queries into the application, potentially granting unauthorized access to sensitive data, including student records, financial information, and administrative credentials. This vulnerability can be exploited even with limited privileges.
## Impact
Successful exploitation of this vulnerability could lead to:
* **Data Breach:** Unauthorized access and exfiltration of sensitive student and institutional data.
* **Account Takeover:** Compromise of student, faculty, and administrative accounts.
* **System Compromise:** Potential for further attacks and compromise of the underlying server infrastructure.
* **Reputational Damage:** Loss of trust in the institution and damage to its reputation.
## Affected Version
Uniclare Student Portal version 2.
## Credits
Vulnerability discovered by Ayush Kumar.
## Contact
* LinkedIn: https://www.linkedin.com/in/ayush92/
---
[4.0K] /data/pocs/ff74c1a0026d691d42f7114ddafaf4ef9ecb609b
├── [1.1K] README.md
└── [2.5M] Uniclare_Student_portal_V.2.pdf
0 directories, 2 files