SQL Injection Vulnerability in Simple School Managment System
CVE-2024-25310

8.8HIGH

Key Information:

Vendor: Code-projects
Status: Simple School Management System
Vendor: CVE Published:; 9 February 2024

🔔 Create Code-projects Vulnerability Alert

What is CVE-2024-25310?

The SQL Injection vulnerability in the Code-projects Simple School Management System 1.0 exists due to insufficient validation of user input in the 'id' parameter. This flaw is located in the delete.php file, where improper sanitization of the input allows attackers to craft malicious SQL queries. Exploiting this vulnerability could enable unauthorized access to the database, allowing attackers to view, modify, or delete sensitive information. Organizations using this software must implement countermeasures to safeguard against potential threats.

References

https://github.com/tubakvgc/CVEs/blob/main/Simple%20Schoo...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2024
Vulnerability Reserved
Feb 7, 2024