SQL Injection Vulnerability in Kashipara College Management System
CVE-2024-4807

8.8HIGH

Key Information:

Vendor: Kashipara
Status: Kashipara College Management System
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-4807?

A security flaw exists in the Kashipara College Management System version 1.0, specifically within the delete_user.php file. This vulnerability allows unauthorized manipulation of the 'id' argument, leading to SQL injection attacks. Attackers can exploit this issue remotely, potentially gaining access to sensitive data and compromising the integrity of the system. The public disclosure of this exploit raises serious concerns for users of the affected software.

References

https://vuldb.com/?id.263927

https://vuldb.com/?ctiid.263927

https://vuldb.com/?submit.332564

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024