SQL Injection Vulnerability in Kashipara College Management System 1.0
CVE-2024-4805

8.8HIGH

Key Information:

Vendor: Kashipara
Status: Kashipara College Management System
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-4805?

A significant vulnerability exists within Kashipara College Management System 1.0, identified in the edit_faculty.php file. The manipulation of the 'id' argument enables attackers to execute SQL injection attacks remotely. This security flaw exposes sensitive data and allows unauthorized access, posing serious risks to the integrity of the system. The issue has been publicly acknowledged, which increases the risk of exploitation. Immediate actions are required to mitigate potential consequences.

References

https://vuldb.com/?id.263925

https://vuldb.com/?ctiid.263925

https://vuldb.com/?submit.332556

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024