SQL Injection Vulnerability in Campcodes Complete Web-Based School Management System
CVE-2024-34930

5.3MEDIUM

Key Information:

Vendor
Campcodes
Status
Complete Web-based School Management System
Vendor
CVE Published:
23 May 2024

Summary

A SQL injection vulnerability exists in the file /model/all_events1.php within Campcodes Complete Web-Based School Management System version 1.0. This flaw allows an attacker to input malicious SQL statements through the 'month' parameter, leading to the execution of arbitrary SQL commands. As a result, unauthorized access to sensitive database information may occur, posing significant risks to data security and integrity.

References

https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-34930 : SQL Injection Vulnerability in Campcodes Complete Web-Based School Management System | SecurityVulnerability.io