SQL Injection Vulnerability in Kashipara College Management System
CVE-2024-4804
8.8 HIGH
What is CVE-2024-4804?
A vulnerability in the Kashipara College Management System 1.0 has been identified that allows for SQL injection through manipulation of the 'id' argument in the edit_user.php file. This security flaw could enable attackers to execute arbitrary SQL commands on the database, potentially leading to unauthorized access and data leakage. The issue can be exploited remotely, making timely patching and mitigation measures critical for system administrators to protect sensitive information.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published