ГлавнаяУязвимости → CVE-2024-57459
7.3высокая

CVE-2024-57459

Описание

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.

Затрагиваемое ПО
Vishalmathur Cloudclassroom-php project
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://gist.github.com/b0mk35h/921cfa00f9ea1af66645574537d38587https://owasp.org/www-community/attacks/SQL_Injection