SQL Injection Vulnerability in Campcodes Complete Web-Based School Management System
CVE-2024-34930

5.3MEDIUM

Key Information:

Vendor: Campcodes
Status: Complete Web-based School Management System
Vendor: CVE Published:; 23 May 2024

What is CVE-2024-34930?

A SQL injection vulnerability exists in the file /model/all_events1.php within Campcodes Complete Web-Based School Management System version 1.0. This flaw allows an attacker to input malicious SQL statements through the 'month' parameter, leading to the execution of arbitrary SQL commands. As a result, unauthorized access to sensitive database information may occur, posing significant risks to data security and integrity.

References

https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2024