Uniclare Student Portal SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Uniclare Student Portal version 2. This vulnerability allows remote attackers to inject arbitrary SQL commands through vulnerable input fields. Exploitation of this flaw could enable attackers to execute time-delay functions, potentially leading to unauthorized access to sensitive data such as student records, financial information, and administrative credentials.
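Injected time-delay calls of the kind described above leave two traces a defender can correlate in web server logs: the delay function in the decoded request parameters, and a response time that matches it. The following Python is an added example, not part of this advisory or of the vendor's code; the log layout, request paths, IP addresses and the 3-second threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Time-delay primitives of common SQL dialects (MySQL, SQL Server, PostgreSQL, Oracle).
DELAY_RE = re.compile(
    r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b|\bdbms_lock\.sleep\b"
    r"|\bdbms_pipe\.receive_message\b",
    re.IGNORECASE,
)
# Hypothetical log layout: ip "METHOD url" status response_seconds
LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3}) ([\d.]+)$')

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines, slow_seconds=3.0):
    """Return (ip, verdict, query) for requests whose query carries a delay call."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed layout; skip rather than guess
        ip, _method, url, _status, elapsed = m.groups()
        query = decode_fully(urlsplit(url).query)
        if DELAY_RE.search(query):
            # A slow response alongside the signature suggests the delay actually ran.
            verdict = "delay-executed" if float(elapsed) >= slow_seconds else "attempt"
            findings.append((ip, verdict, query))
    return findings

# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    '198.51.100.7 "GET /portal/result?id=1042" 200 0.084',
    '203.0.113.9 "GET /portal/result?id=1042%27%20AND%20SLEEP(5)--%20-" 200 5.112',
    '203.0.113.9 "GET /portal/result?id=1%253BWAITFOR%2520DELAY%2520%25270:0:5%2527" 500 0.031',
    '198.51.100.7 "GET /portal/help?topic=sleep+schedule" 200 0.040',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "delay-executed" verdict is the one to escalate first, since it indicates the injected statement reached the database; "attempt" entries still show probing and are worth blocking at the source.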

Impact

Exploitation of this vulnerability could result in a data breach, allowing unauthorized access to and exfiltration of sensitive student and institutional data. It could also lead to account takeover, compromising student, faculty, and administrative accounts, and potentially allow for further attacks on the underlying server infrastructure. Additionally, such a breach could cause reputational damage to the institution.

Added: Oct 6, 2025, 6:18 PM
Updated: Oct 6, 2025, 8:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.