NVD disclosure day

Published threat advisories for December 1, 2023

CVE-2023-5636

Education Portal allows attackers to take control of systems and access sensitive files

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

ArslanSoft Education Portal has a critical flaw allowing anyone to upload dangerous files, potentially giving attackers full control of the system and access to sensitive data. Update now.

NVD published: December 1, 2023

CVE advisoryCRITICAL

CVE-2023-5634

Education Portal allows attackers to steal customer data or control services

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An SQL injection flaw in ArslanSoft Education Portal lets attackers steal or change sensitive data, impacting a web application often accessed online.

NVD published: December 1, 2023