SQL Injection vulnerability allows remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database
CVE-2024-54925

Currently unrated

Key Information:

Vendor

kashipara

Status
E-learning Management System
Vendor
CVE Published:
9 December 2024

What is CVE-2024-54925?

A critical SQL Injection vulnerability exists in the remove_sent_message.php file within the Kashipara E-learning Management System version 1.0. This flaw enables remote attackers to send crafted requests that exploit the id parameter, permitting the execution of arbitrary SQL commands. As a result, unauthorized users can gain access to sensitive database information, potentially compromising user data and overall system integrity.

References

https://github.com/m14r41/Writeups/blob/main/CVE/Kashipar...

Timeline

  • Vulnerability published

.
CVE-2024-54925 : SQL Injection vulnerability allows remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database