SQL Injection Vulnerability in Simple School Management System
CVE-2024-25310
8.8 HIGH
Summary
The SQL Injection vulnerability in the Code-projects Simple School Management System 1.0 exists due to insufficient validation of user input in the 'id' parameter. This flaw is located in the delete.php file, where improper sanitization of the input allows attackers to craft malicious SQL queries. Exploiting this vulnerability could enable unauthorized access to the database, allowing attackers to view, modify, or delete sensitive information. Organizations using this software must implement countermeasures to safeguard against potential threats.
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved