SQL Injection Vulnerability in Kashipara College Management System
CVE-2024-4806

8.8HIGH

Key Information:

Vendor

Kashipara

Status
Kashipara College Management System
Vendor
CVE Published:
14 May 2024

What is CVE-2024-4806?

A significant SQL injection vulnerability exists in the Kashipara College Management System version 1.0. This vulnerability can be exploited remotely through the parameter 'id' in the file each_extracurricula_activities.php, allowing attackers to manipulate SQL queries. The potential for unauthorized access and data exposure raises serious security concerns. The exploit details have been publicly disclosed, making it essential for users of this system to apply the necessary security measures promptly.

References

https://vuldb.com/?id.263926
https://vuldb.com/?ctiid.263926
https://vuldb.com/?submit.332557

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-4806 : SQL Injection Vulnerability in Kashipara College Management System