SQL Injection Vulnerability in Campcodes School Management System
CVE-2024-5106

8.8HIGH

Key Information:

Vendor: Campcodes
Status: Complete Web-based School Management System
Vendor: CVE Published:; 19 May 2024

What is CVE-2024-5106?

A critical security flaw has been discovered in the Campcodes Complete Web-Based School Management System version 1.0. The vulnerability resides in the 'student_payment_details3.php' file, where improper handling of the 'index' parameter can lead to a SQL injection attack. This type of attack allows an unauthorized user to manipulate SQL queries executed by the application, potentially exposing sensitive information. Remote attackers can exploit this vulnerability without needing local access to the system, making it imperative for organizations using this software to review their security measures. Immediate action is advised to secure affected systems, as public disclosure of the exploit increases the risk of malicious exploitation.

References

https://vuldb.com/?id.265096

https://vuldb.com/?ctiid.265096

https://vuldb.com/?submit.338509

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2024