PatchSiren cyber security CVE debrief
CVE-2023-6441 UNI-PA University Marketing & Computer Internet Trade Inc. CVE debrief
CVE-2023-6441 is a critical SQL injection vulnerability in Unipa’s University Information System. The source corpus says affected versions are those before 2023-12-12, and NVD assigns a CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Because the issue is network-reachable, requires no privileges, and needs no user interaction, exposed deployments should be treated as high priority until the affected version is confirmed absent or remediated.
- Vendor: UNI-PA University Marketing & Computer Internet Trade Inc.
- Product: University Information System
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-02-14
- Original CVE updated: 2026-05-20
- Advisory published: 2024-02-14
- Advisory updated: 2026-05-20
Who should care
Organizations running Unipa University Information System, especially administrators, application owners, and security teams responsible for internet-facing or otherwise reachable deployments. Any system still on a version earlier than 2023-12-12 should be prioritized for validation and remediation.
Technical summary
The vulnerability is identified as CWE-89 SQL injection. NVD’s CPE criteria map the issue to cpe:2.3:a:unipa:university_information_system:*:*:*:*:*:*:*:* with the vulnerable range ending before 2023-12-12. The NVD CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates remote, low-complexity exploitation with no privileges or user interaction and potential for high impact to confidentiality, integrity, and availability.
Defensive priority
Critical. The combination of a 9.8 CVSS score, network attack vector, no authentication requirement, and full CIA impact makes this a top-priority remediation item for affected deployments.
Recommended defensive actions
- Confirm whether any instance of Unipa University Information System is deployed in your environment.
- Check installed versions against the source cutoff: versions before 2023-12-12 are affected.
- Prioritize remediation for any exposed or business-critical deployment before routine maintenance work.
- Review the USOM advisory and vendor-related references for guidance on mitigation and status.
- After remediation, validate that no vulnerable instances remain and document the version baseline for future inventory checks.
Evidence notes
The CVE record was published on 2024-02-14 and later modified on 2026-05-20; those dates are publication metadata, not the issue date. The source corpus identifies the product as Unipa University Information System, cites CWE-89, and lists the affected range as versions before 2023-12-12. NVD provides the 9.8 CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The supplied enrichment does not mark this CVE as KEV.
Official resources
- CVE-2023-6441 CVE record (CVE.org)
- CVE-2023-6441 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference ([email protected] - Third Party Advisory)
Publicly disclosed in the CVE record on 2024-02-14; the record was later modified on 2026-05-20. No KEV listing is included in the supplied enrichment.