Unrated severityNVD Advisory· Published Jul 1, 2021· Updated May 28, 2025
CVE-2021-28423
CVE-2021-28423
Description
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Teachers Record Management System/Teachers Record Management Systemdescription
- Range: 1.0 - 2.1
Patches
Vulnerability mechanics
References
4- nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/mitre
- packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.htmlmitre
- phpgurukul.com/teachers-record-management-system-using-php-and-mysql/mitre
- www.exploit-db.com/exploits/50018mitre
News mentions
0No linked articles in our index yet.