CVE-2025-57515

Uniclare · Uniclare Student Portal

A critical vulnerability has been discovered in Uniclare Student Portal v2, assigned a severity score of 9.8 out of 10.

Executive summary

CVE-2025-57515 is a SQL injection flaw in Uniclare Student Portal v2, rated 9.8 out of 10 (critical). It could allow a remote, unauthenticated attacker to read or manipulate sensitive student data, disrupt portal services, and potentially take control of the underlying database server. Immediate patching is required to prevent a significant data breach and operational disruption.

Vulnerability

The vulnerability is a SQL injection in one or more input fields of the student portal; the advisory does not identify the affected parameter. The application passes user-supplied input into a database query without validation or parameterization, so a remote attacker who submits specially crafted input can change the structure of the query that the backend database executes. Depending on the query and on the database privileges of the application's account, this can be used to bypass authentication controls, read data from any table the account can reach, modify or delete data, and, on databases that expose such functionality to the application account (for example command-execution stored procedures), run operating system commands on the server.
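As an added illustration of the mechanism described above (this is not code from Uniclare or from the portal), the following Python snippet builds a constructed in-memory SQLite table with a hypothetical students schema, runs a login check written with string concatenation beside the same check written with bound parameters, and shows how a tautology payload and a UNION payload behave against each. The table, column names and password hashes are assumptions for the demo only.

```python
import sqlite3

# Two classic payloads: the first makes the WHERE clause always true,
# the second appends a query that reads a different column.
TAUTOLOGY = "' OR '1'='1"
UNION_READ = "' UNION SELECT password_hash FROM students --"


def build_db():
    """Constructed sample data; schema and rows are hypothetical, not the portal's."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE students (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, grade TEXT)"
    )
    conn.executemany(
        "INSERT INTO students (username, password_hash, grade) VALUES (?, ?, ?)",
        [("alice", "h_alice", "A"), ("bob", "h_bob", "B")],
    )
    return conn


def login_vulnerable(conn, username, password_hash):
    """Builds the query by string formatting: the attacker controls query structure."""
    sql = (
        "SELECT username FROM students WHERE username = '%s' AND password_hash = '%s'"
        % (username, password_hash)
    )
    return [row[0] for row in conn.execute(sql).fetchall()]


def login_hardened(conn, username, password_hash):
    """Same query with bound parameters: input is passed as data, never as SQL."""
    sql = "SELECT username FROM students WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, password_hash)).fetchall()]


def demo():
    """Runs legitimate and malicious inputs through both versions and returns the rows."""
    conn = build_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "h_alice"),
        "legit_hardened": login_hardened(conn, "alice", "h_alice"),
        # Every row matches: the '1'='1' clause short-circuits the credential check.
        "tautology_vulnerable": sorted(login_vulnerable(conn, TAUTOLOGY, TAUTOLOGY)),
        "tautology_hardened": login_hardened(conn, TAUTOLOGY, TAUTOLOGY),
        # The trailing "--" comments out the password check; hashes come back as "usernames".
        "union_vulnerable": sorted(login_vulnerable(conn, UNION_READ, "x")),
        "union_hardened": login_hardened(conn, UNION_READ, "x"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22s} -> {rows}")
```

The hardened version returns nothing for both payloads because the driver binds the strings as values; no amount of quoting inside the value changes the query's shape. That is the property a vendor fix must provide, and it is why a WAF keyword filter is only a stopgap.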

Business impact

This vulnerability is rated as critical with a CVSS score of 9.8. A 9.8 base score corresponds to the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which is consistent with the unauthenticated, network-reachable injection described above. Exploitation could lead to severe consequences for the organization, including a major breach of sensitive student and faculty information (personally identifiable information, grades, financial records), with significant reputational damage, loss of trust, and potential regulatory fines under data protection laws. An attacker could also manipulate data, such as altering grades or enrollment statuses, destroying data integrity. Finally, compromise of the portal's server would provide a foothold for lateral movement within the network.

Remediation

Immediate Action: Update all instances of Uniclare Student Portal to the latest version as recommended by the vendor. The advisory does not name a fixed version, so confirm the fix with the vendor before treating an instance as patched. After patching, review historical web server access logs and database logs for indicators of compromise that may have occurred before the update; patching stops new exploitation but does not undo a breach that has already happened.

Proactive Monitoring: Actively monitor web server and database logs for suspicious queries. Look for common SQL injection indicators (e.g., UNION ... SELECT, SLEEP(, trailing --, ' OR '1'='1) in web request parameters. Match on decoded parameter values, not on the raw request line: payloads arrive URL-encoded (%27 for ', %20 or + for spaces) and a grep over the raw line will miss them, while bare keywords such as SELECT appear in legitimate search terms and will flood the review queue. Monitor for unusual outbound network traffic from the database server, which could be a sign of data exfiltration.
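The following is an added example of the log review described above, written for this page and not taken from the vendor: it parses constructed Apache-style access log lines (the IPs are documentation ranges, the paths and parameters are hypothetical), URL-decodes each query parameter, matches the decoded value against multi-token SQL injection patterns, and summarises hits per source IP. The benign search for "select your elective" is included to show why single keywords are not matched on their own.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample log (combined log format). Not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Sep/2025:10:01:13 +0000] "GET /portal/login.php?user=alice&pass=secret HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Sep/2025:10:01:20 +0000] "GET /portal/login.php?user=%27%20OR%20%271%27%3D%271&pass=x HTTP/1.1" 200 9812 "-" "curl/8.4.0"
198.51.100.7 - - [12/Sep/2025:10:02:02 +0000] "GET /portal/grades.php?id=42%20UNION%20SELECT%20username,password_hash%20FROM%20students-- HTTP/1.1" 200 20311 "-" "python-requests/2.32"
198.51.100.7 - - [12/Sep/2025:10:02:40 +0000] "GET /portal/grades.php?id=42%20AND%20SLEEP(5) HTTP/1.1" 200 118 "-" "python-requests/2.32"
192.0.2.4 - - [12/Sep/2025:10:03:01 +0000] "GET /portal/search.php?q=select+your+elective HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
"""

# ip, timestamp, method, request target, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Multi-token patterns: a lone SELECT or OR is too common in legitimate input.
INDICATORS = [
    ("union-select", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("tautology", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I)),
    ("time-based", re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)),
    ("comment-terminator", re.compile(r"(--|/\*)\s*$")),
]


def deep_decode(value, rounds=2):
    """Undo one extra layer of encoding if the attacker double-encoded the payload."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_access_log(text):
    """Returns one finding per parameter value that matches at least one indicator."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        path, _, query = target.partition("?")
        # parse_qs already decodes %XX and '+'; deep_decode handles a second layer.
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                decoded = deep_decode(value)
                hits = [label for label, rx in INDICATORS if rx.search(decoded)]
                if hits:
                    findings.append({"ip": ip, "time": ts, "path": path,
                                     "param": name, "value": decoded, "indicators": hits})
    return findings


def summarize_by_ip(findings):
    """Counts findings per source IP so repeat offenders surface first."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_access_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['time']} {f['ip']} {f['path']} {f['param']}={f['value']!r} -> {f['indicators']}")
    print(summarize_by_ip(results))
```

POST bodies are not in access logs, so this only covers GET parameters; for a login form that submits via POST, the same matching has to run on a WAF or reverse-proxy request log, or on the database's query log where the injected text appears after decoding.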

Compensating Controls: If patching is not immediately possible, implement the following controls to mitigate risk:

  • Deploy a Web Application Firewall (WAF) with rules specifically configured to detect and block SQL injection attacks.
  • Restrict access to the student portal from untrusted IP ranges.
  • Review database user permissions and ensure the application's service account operates with least privilege: grant only the SELECT/INSERT/UPDATE/DELETE rights the portal needs on its own tables, no DDL rights, no access to other databases, and no ability to read files or run commands through database-specific procedures (for example xp_cmdshell on Microsoft SQL Server). This limits what an injection can reach; it does not prevent the injection itself.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.8, this vulnerability represents a severe and immediate risk to the organization. We strongly recommend that all affected instances of the Uniclare Student Portal be updated to the latest version without delay. No public exploit is reported and this CVE is not yet on the CISA KEV list, but the high impact and the absence of any authentication requirement make it a prime target. If patching cannot be performed immediately, compensating controls such as a WAF must be implemented as a temporary measure, and organizations should proactively hunt for evidence of compromise.