SQL Injection Vulnerability in Campcodes Complete Web-Based School Management System
CVE-2024-5103

8.8HIGH

Key Information:

Vendor: Campcodes
Status: Complete Web-based School Management System
Vendor: CVE Published:; 19 May 2024

What is CVE-2024-5103?

A serious SQL injection vulnerability has been identified in the Campcodes Complete Web-Based School Management System (version 1.0). This security flaw resides in the 'student_first_payment.php' file, where an attacker can exploit the 'grade' parameter to execute arbitrary SQL code. This exploitation can occur remotely, posing a significant risk to the integrity and security of the application's database. Public disclosure of this vulnerability heightens the urgency for users to take immediate protective measures, as potential attackers may take advantage of this flaw. It's critical for users and administrators of the system to assess their current security posture and apply the necessary updates or patches to mitigate this risk.

References

https://vuldb.com/?id.265093

https://vuldb.com/?ctiid.265093

https://vuldb.com/?submit.338506

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2024