SQL Injection Flaw in Campcodes Complete Web-Based School Management System
CVE-2024-34929

9.8CRITICAL

Key Information:

Vendor: Campcodes
Status: Complete Web-based School Management System
Vendor: CVE Published:; 23 May 2024

What is CVE-2024-34929?

The Complete Web-Based School Management System by Campcodes is susceptible to a SQL injection vulnerability found in the /view/find_friends.php file. This vulnerability allows attackers to manipulate the my_index parameter, potentially executing arbitrary SQL commands. Such exploitation could lead to unauthorized access to sensitive data, data corruption, or even administrative privileges within the application. Immediate action is recommended to mitigate this security issue and safeguard against potential attacks.

References

https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2024