SQL Injection Vulnerability in Campcodes School Management System
CVE-2024-33799

9.8CRITICAL

Key Information:

Vendor: Campcodes
Status: Complete Web-based School Management System
Vendor: CVE Published:; 28 May 2024

What is CVE-2024-33799?

The Complete Web-Based School Management System by Campcodes has a SQL injection vulnerability within the /model/get_teacher.php script. This flaw allows attackers to manipulate the id parameter, potentially executing arbitrary SQL commands. Exploiting this vulnerability can lead to unauthorized access to sensitive database information, exposing personal data and compromising the integrity of the application. Prompt action is advised for users and administrators relying on this system to mitigate risks associated with this vulnerability.

References

https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2024