Assigner | VulDB |
Reserved | 2024-05-15 |
Published | 2024-05-15 |
Updated | 2024-06-04 |
Description
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.
Es wurde eine kritische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /view/student_due_payment.php. Durch Manipulation des Arguments due_year mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N | |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | |
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P |
Problem types
Product status
Timeline
2024-05-15: | Advisory disclosed |
2024-05-15: | VulDB entry created |
2024-05-15: | VulDB entry last update |
Credits
SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
References
https://vuldb.com/?id.264444 (VDB-264444 | Campcodes Complete Web-Based School Management System student_due_payment.php sql injection)
https://vuldb.com/?ctiid.264444 (VDB-264444 | CTI Indicators (IOB, IOC, TTP, IOA))
https://vuldb.com/?submit.333295 (Submit #333295 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection)