SQL Injection Vulnerability in Kashipara College Management System
CVE-2024-4808

8.8HIGH

Key Information:

Vendor: Kashipara College
Status: Kashipara College Management System
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-4808?

A vulnerability has been identified in the Kashipara College Management System 1.0 that allows for SQL injection through the 'delete_faculty.php' file. The vulnerability arises from improper handling of the 'id' argument, which can be manipulated to execute unauthorized SQL commands. This flaw is exploitable remotely, posing significant risks to data integrity and confidentiality. As the details are publicly disclosed, it invites potential exploitation, necessitating immediate attention and remediation to safeguard systems.

References

https://vuldb.com/?id.263928

https://vuldb.com/?ctiid.263928

https://vuldb.com/?submit.332565

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024