SQL Injection Vulnerability in Classroom Update Function
CVE-2024-34927

9.8CRITICAL

Key Information:

Vendor: Campcodes
Status: Complete Web-based School Management System
Vendor: CVE Published:; 23 May 2024

What is CVE-2024-34927?

A vulnerability exists in the Campcodes Complete Web-Based School Management System version 1.0 that allows attackers to exploit the system through SQL injection. By manipulating the 'name' parameter in the /model/update_classroom.php file, unauthorized users can execute arbitrary SQL commands. This vulnerability can lead to unauthorized access to sensitive information and compromise the integrity of the database, making it critical for users to apply security patches and adopt best practices to secure their applications.

References

https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2024