SQL Injection Vulnerability in Kashipara College Management System 1.0
CVE-2024-4805

8.8HIGH

Key Information:

Vendor

Kashipara

Status
Kashipara College Management System
Vendor
CVE Published:
14 May 2024

What is CVE-2024-4805?

A significant vulnerability exists within Kashipara College Management System 1.0, identified in the edit_faculty.php file. The manipulation of the 'id' argument enables attackers to execute SQL injection attacks remotely. This security flaw exposes sensitive data and allows unauthorized access, posing serious risks to the integrity of the system. The issue has been publicly acknowledged, which increases the risk of exploitation. Immediate actions are required to mitigate potential consequences.

References

https://vuldb.com/?id.263925
https://vuldb.com/?ctiid.263925
https://vuldb.com/?submit.332556

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-4805 : SQL Injection Vulnerability in Kashipara College Management System 1.0