SQL Injection Vulnerability in Campcodes School Management System
CVE-2024-33799

9.8CRITICAL

Key Information:

Vendor
Campcodes
Status
Complete Web-based School Management System
Vendor
CVE Published:
28 May 2024

Summary

The Complete Web-Based School Management System by Campcodes has a SQL injection vulnerability within the /model/get_teacher.php script. This flaw allows attackers to manipulate the id parameter, potentially executing arbitrary SQL commands. Exploiting this vulnerability can lead to unauthorized access to sensitive database information, exposing personal data and compromising the integrity of the application. Prompt action is advised for users and administrators relying on this system to mitigate risks associated with this vulnerability.

References

https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-33799 : SQL Injection Vulnerability in Campcodes School Management System | SecurityVulnerability.io