ГлавнаяУязвимости → CVE-2024-41236
7.2высокая

CVE-2024-41236

Описание

A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page

Затрагиваемое ПО
Lopalopa Responsive school management system
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/SQL%20Injection%20-%20Admin.pdfhttps://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code