SQL Injection Vulnerability in campcodes Complete Web-Based School Management System
CVE-2024-33800

9.8CRITICAL

Key Information:

Vendor
campcodes
Status
Complete Web-based School Management System
Vendor
CVE Published:
28 May 2024

Summary

A SQL injection vulnerability exists in the Complete Web-Based School Management System 1.0, specifically in the file /model/get_student1.php. This vulnerability enables an attacker to send crafted input through the index parameter, which could lead to the execution of arbitrary SQL commands. Exploitation of this vulnerability poses a significant risk to the integrity and confidentiality of the system’s database, possibly resulting in unauthorized access to sensitive data.

References

https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-33800 : SQL Injection Vulnerability in campcodes Complete Web-Based School Management System | SecurityVulnerability.io