SQL Injection Vulnerability in Campcodes Complete Web-Based School Management System
CVE-2024-33805

9.8CRITICAL

Key Information:

Vendor: Campcodes
Status: Complete Web-based School Management System
Vendor: CVE Published:; 28 May 2024

What is CVE-2024-33805?

A vulnerability has been identified in the Complete Web-Based School Management System developed by Campcodes that allows attackers to exploit SQL injection via the id parameter in the get_student.php file. This flaw enables unauthorized execution of arbitrary SQL commands, potentially compromising the application's database. Attackers can manipulate the SQL queries to gain access to sensitive data, modify records, or even take control of the underlying database system. It is crucial for users of this web application to address this vulnerability promptly to safeguard their systems against potential exploitation.

References

https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2024