A time-based SQL injection vulnerability has been discovered in version 2 of the Uniclare Student Portal. This vulnerability allows an attacker to inject malicious SQL queries into the application, potentially granting unauthorized access to sensitive data, including student records, financial information, and administrative credentials. This vulnerability can be exploited even with limited privileges.
Successful exploitation of this vulnerability could lead to:
- Data Breach: Unauthorized access and exfiltration of sensitive student and institutional data.
- Account Takeover: Compromise of student, faculty, and administrative accounts.
- System Compromise: Potential for further attacks and compromise of the underlying server infrastructure.
- Reputational Damage: Loss of trust in the institution and damage to its reputation.
Uniclare Student Portal version 2.
Vulnerability discovered by Ayush Kumar.
- LinkedIn: https://www.linkedin.com/in/ayush92/