SQL Injection Vulnerability in Admin Login Page
CVE-2024-41236

7.2 HIGH

What is CVE-2024-41236?

A SQL injection vulnerability has been identified in the Kashipara Responsive School Management System, in the admin_login.php file located in the /smsa/ directory. The flaw allows attackers to manipulate the application's SQL execution through the 'username' parameter of the Admin Login Page, potentially enabling unauthorized access and data breaches. This puts the integrity and confidentiality of sensitive administrative data at significant risk and warrants immediate attention and remediation.

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
