Description

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Remediation

References

CVE-2023-28329

Related Vulnerabilities

WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)

WildFly Application Server Uncontrolled Resource Consumption Vulnerability (CVE-2016-9589)

Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)

WordPress Plugin WP-Spreadplugin Cross-Site Scripting (3.8.6)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Scripting (3.0.9)

Severity

High

Classification

CVE-2023-28329 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities