exploitDog

CVE-2024-4824

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-school-erp-proresponsive-arox-solution
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-school-erp-proresponsive-arox-solution
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arox:school_erp_pro\+responsive:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01285

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-q2r8-99fj-x7qv

CVSS3: 9.8

github

больше 1 года назад

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

EPSS

Процентиль: 79%

0.01285

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89