Vulnerabilites related to campcodes - complete_web-based_school_management_system
cve-2024-4685
Vulnerability from cvelistv5
Published
2024-05-09 20:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/exam_timetable.php. The manipulation of the argument exam leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263626 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263626 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263626 | signature, permissions-required | |
| https://vuldb.com/?submit.331775 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2032.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4685", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T13:12:45.674865Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:33.020Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.464Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263626 | Campcodes Complete Web-Based School Management System exam_timetable.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263626", }, { name: "VDB-263626 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263626", }, { name: "Submit #331775 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331775", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2032.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/exam_timetable.php. The manipulation of the argument exam leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263626 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /view/exam_timetable.php. Dank der Manipulation des Arguments exam mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T20:00:05.595Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263626 | Campcodes Complete Web-Based School Management System exam_timetable.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263626", }, { name: "VDB-263626 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263626", }, { name: "Submit #331775 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331775", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2032.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-09T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-09T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T10:55:35.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System exam_timetable.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4685", datePublished: "2024-05-09T20:00:05.595Z", dateReserved: "2024-05-09T08:50:14.305Z", dateUpdated: "2024-08-01T20:47:41.464Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5107
Vulnerability from cvelistv5
Published
2024-05-19 23:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_payment_details2.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265097 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265097 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265097 | signature, permissions-required | |
| https://vuldb.com/?submit.338511 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5107", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T17:09:43.566297Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:01:40.265Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265097 | Campcodes Complete Web-Based School Management System student_payment_details2.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265097", }, { name: "VDB-265097 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265097", }, { name: "Submit #338511 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338511", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_payment_details2.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265097 was assigned to this vulnerability.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /view/student_payment_details2.php. Durch Manipulieren des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-19T23:31:04.103Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265097 | Campcodes Complete Web-Based School Management System student_payment_details2.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265097", }, { name: "VDB-265097 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265097", }, { name: "Submit #338511 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338511", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:35.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_details2.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5107", datePublished: "2024-05-19T23:31:04.103Z", dateReserved: "2024-05-19T04:57:00.552Z", dateUpdated: "2024-08-01T21:03:10.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5108
Vulnerability from cvelistv5
Published
2024-05-20 00:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/student_payment_details4.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265098 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265098 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265098 | signature, permissions-required | |
| https://vuldb.com/?submit.338512 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5108", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-21T19:13:26.318221Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:55.818Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.692Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265098 | Campcodes Complete Web-Based School Management System student_payment_details4.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265098", }, { name: "VDB-265098 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265098", }, { name: "Submit #338512 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338512", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/student_payment_details4.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265098 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /view/student_payment_details4.php. Durch das Beeinflussen des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-20T00:00:04.817Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265098 | Campcodes Complete Web-Based School Management System student_payment_details4.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265098", }, { name: "VDB-265098 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265098", }, { name: "Submit #338512 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338512", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:37.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_details4.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5108", datePublished: "2024-05-20T00:00:04.817Z", dateReserved: "2024-05-19T04:57:03.639Z", dateUpdated: "2024-08-01T21:03:10.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5113
Vulnerability from cvelistv5
Published
2024-05-20 02:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/student_profile1.php. The manipulation of the argument std_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265103.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265103 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265103 | signature, permissions-required | |
| https://vuldb.com/?submit.338517 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5113", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T14:50:16.047324Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:49.502Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.907Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265103 | Campcodes Complete Web-Based School Management System student_profile1.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265103", }, { name: "VDB-265103 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265103", }, { name: "Submit #338517 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338517", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/student_profile1.php. The manipulation of the argument std_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265103.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /view/student_profile1.php. Durch die Manipulation des Arguments std_index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-20T02:31:04.268Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265103 | Campcodes Complete Web-Based School Management System student_profile1.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265103", }, { name: "VDB-265103 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265103", }, { name: "Submit #338517 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338517", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:44.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_profile1.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5113", datePublished: "2024-05-20T02:31:04.268Z", dateReserved: "2024-05-19T04:57:17.445Z", dateUpdated: "2024-08-01T21:03:10.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34936
Vulnerability from cvelistv5
Published
2024-05-23 16:34
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.681Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34936", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-07T20:27:39.859919Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-07T20:32:02.569Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:34:48.083Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34936", datePublished: "2024-05-23T16:34:47.750Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:39.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33804
Vulnerability from cvelistv5
Published
2024-05-28 15:50
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "unknown", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33804", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T18:05:27.424072Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T18:07:00.885Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:50:23.193Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33804", datePublished: "2024-05-28T15:50:22.900Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:49.137Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33405
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-08-02 02:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33405", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T15:43:46.941157Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:45:17.589Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.541Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T18:04:28.757225", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33405", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-23T00:00:00", dateUpdated: "2024-08-02T02:27:53.541Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4682
Vulnerability from cvelistv5
Published
2024-05-09 17:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/exam_timetable_update_form.php. The manipulation of the argument exam leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263623.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263623 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263623 | signature, permissions-required | |
| https://vuldb.com/?submit.331772 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4682", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T19:59:36.901859Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:10.763Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263623 | Campcodes Complete Web-Based School Management System exam_timetable_update_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263623", }, { name: "VDB-263623 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263623", }, { name: "Submit #331772 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331772", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/exam_timetable_update_form.php. The manipulation of the argument exam leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263623.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /view/exam_timetable_update_form.php. Durch Manipulieren des Arguments exam mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T17:31:04.351Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263623 | Campcodes Complete Web-Based School Management System exam_timetable_update_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263623", }, { name: "VDB-263623 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263623", }, { name: "Submit #331772 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331772", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-09T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-09T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T10:55:31.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System exam_timetable_update_form.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4682", datePublished: "2024-05-09T17:31:04.351Z", dateReserved: "2024-05-09T08:50:06.863Z", dateUpdated: "2024-08-01T20:47:41.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4678
Vulnerability from cvelistv5
Published
2024-05-09 14:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/find_friends.php. The manipulation of the argument my_type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263599.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263599 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263599 | signature, permissions-required | |
| https://vuldb.com/?submit.331315 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4678", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T16:03:32.018685Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:54:21.859Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263599 | Campcodes Complete Web-Based School Management System find_friends.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263599", }, { name: "VDB-263599 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263599", }, { name: "Submit #331315 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331315", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/find_friends.php. The manipulation of the argument my_type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263599.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /view/find_friends.php. Mittels Manipulieren des Arguments my_type mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T14:31:04.068Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263599 | Campcodes Complete Web-Based School Management System find_friends.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263599", }, { name: "VDB-263599 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263599", }, { name: "Submit #331315 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331315", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T05:41:08.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System find_friends.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4678", datePublished: "2024-05-09T14:31:04.068Z", dateReserved: "2024-05-09T03:35:53.973Z", dateUpdated: "2024-08-01T20:47:41.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33406
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-08-02 02:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-33406", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-24T16:22:02.836888Z", version: "2.0.3", }, type: "ssvc", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:43:58.599Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.635Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T18:05:32.203123", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33406", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-23T00:00:00", dateUpdated: "2024-08-02T02:27:53.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33408
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-08-02 02:27
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33408", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T20:09:14.293735Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-01T20:11:32.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T18:06:20.130228", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33408", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-23T00:00:00", dateUpdated: "2024-08-02T02:27:53.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33803
Vulnerability from cvelistv5
Published
2024-05-28 15:50
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33803", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T14:52:13.051772Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-12T18:12:20.279Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:50:00.602Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33803", datePublished: "2024-05-28T15:50:00.259Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:48.485Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4714
Vulnerability from cvelistv5
Published
2024-05-10 11:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /model/update_subject.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263792.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263792 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263792 | signature, permissions-required | |
| https://vuldb.com/?submit.331880 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2037.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4714", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T19:54:49.656444Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:59.588Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.651Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263792 | Campcodes Complete Web-Based School Management System update_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263792", }, { name: "VDB-263792 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263792", }, { name: "Submit #331880 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331880", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2037.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /model/update_subject.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263792.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei /model/update_subject.php. Dank Manipulation des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T11:00:05.552Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263792 | Campcodes Complete Web-Based School Management System update_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263792", }, { name: "VDB-263792 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263792", }, { name: "Submit #331880 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331880", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2037.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:16.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System update_subject.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4714", datePublished: "2024-05-10T11:00:05.552Z", dateReserved: "2024-05-10T05:37:46.145Z", dateUpdated: "2024-08-01T20:47:41.651Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33806
Vulnerability from cvelistv5
Published
2024-05-28 15:51
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33806", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-20T14:45:38.905229Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T14:47:32.426Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:51:29.593Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33806", datePublished: "2024-05-28T15:51:29.163Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:50.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33407
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-08-02 02:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "-", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33407", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T15:35:01.244125Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:43:50.459Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.634Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T17:40:26.262784", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33407", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-23T00:00:00", dateUpdated: "2024-08-02T02:27:53.634Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4649
Vulnerability from cvelistv5
Published
2024-05-08 13:31
Modified
2024-08-01 20:47
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263493 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263493 | signature, permissions-required | |
| https://vuldb.com/?submit.330123 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4649", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-24T16:16:45.745443Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:17.138Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263493 | Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263493", }, { name: "VDB-263493 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263493", }, { name: "Submit #330123 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.330123", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /view/student_exam_mark_insert_form1.php. Durch Beeinflussen des Arguments page mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T13:31:05.590Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263493 | Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263493", }, { name: "VDB-263493 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263493", }, { name: "Submit #330123 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.330123", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-08T08:02:45.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4649", datePublished: "2024-05-08T13:31:05.590Z", dateReserved: "2024-05-08T05:57:27.468Z", dateUpdated: "2024-08-01T20:47:41.324Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4526
Vulnerability from cvelistv5
Published
2024-05-06 06:00
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263129 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263129 | signature, permissions-required | |
| https://vuldb.com/?submit.329772 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4526", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T20:41:46.385074Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:54:49.211Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263129 | Campcodes Complete Web-Based School Management System student_payment_details3.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263129", }, { name: "VDB-263129 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263129", }, { name: "Submit #329772 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329772", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /view/student_payment_details3.php. Durch das Beeinflussen des Arguments month mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T06:00:05.369Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263129 | Campcodes Complete Web-Based School Management System student_payment_details3.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263129", }, { name: "VDB-263129 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263129", }, { name: "Submit #329772 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329772", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T16:41:59.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_details3.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4526", datePublished: "2024-05-06T06:00:05.369Z", dateReserved: "2024-05-05T14:36:40.921Z", dateUpdated: "2024-08-01T20:40:47.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4713
Vulnerability from cvelistv5
Published
2024-05-10 10:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/all_teacher.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263791.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263791 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263791 | signature, permissions-required | |
| https://vuldb.com/?submit.331879 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2036.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4713", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-24T16:17:55.909700Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:20.660Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.664Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263791 | Campcodes Complete Web-Based School Management System all_teacher.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263791", }, { name: "VDB-263791 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263791", }, { name: "Submit #331879 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331879", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2036.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/all_teacher.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263791.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Datei /view/all_teacher.php. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T10:00:04.488Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263791 | Campcodes Complete Web-Based School Management System all_teacher.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263791", }, { name: "VDB-263791 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263791", }, { name: "Submit #331879 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331879", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2036.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:14.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System all_teacher.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4713", datePublished: "2024-05-10T10:00:04.488Z", dateReserved: "2024-05-10T05:37:43.724Z", dateUpdated: "2024-08-01T20:47:41.664Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34931
Vulnerability from cvelistv5
Published
2024-05-23 16:31
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34931", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T16:36:30.468200Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T16:37:22.537Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.703Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:31:57.216Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34931", datePublished: "2024-05-23T16:31:56.924Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:36.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4527
Vulnerability from cvelistv5
Published
2024-05-06 06:00
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263130 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263130 | signature, permissions-required | |
| https://vuldb.com/?submit.329773 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4527", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-24T16:21:16.401613Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:56.523Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263130 | Campcodes Complete Web-Based School Management System student_payment_details2.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263130", }, { name: "VDB-263130 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263130", }, { name: "Submit #329773 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329773", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /view/student_payment_details2.php. Durch Beeinflussen des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T06:00:07.074Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263130 | Campcodes Complete Web-Based School Management System student_payment_details2.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263130", }, { name: "VDB-263130 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263130", }, { name: "Submit #329773 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329773", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T16:42:01.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_details2.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4527", datePublished: "2024-05-06T06:00:07.074Z", dateReserved: "2024-05-05T14:36:43.488Z", dateUpdated: "2024-08-01T20:40:47.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4676
Vulnerability from cvelistv5
Published
2024-05-09 13:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/range_grade_text.php. The manipulation of the argument count leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263597 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263597 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263597 | signature, permissions-required | |
| https://vuldb.com/?submit.331313 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4676", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T15:54:06.321270Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:45.203Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263597 | Campcodes Complete Web-Based School Management System range_grade_text.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263597", }, { name: "VDB-263597 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263597", }, { name: "Submit #331313 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331313", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/range_grade_text.php. The manipulation of the argument count leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263597 was assigned to this vulnerability.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei /view/range_grade_text.php. Durch Manipulation des Arguments count mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T13:00:06.678Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263597 | Campcodes Complete Web-Based School Management System range_grade_text.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263597", }, { name: "VDB-263597 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263597", }, { name: "Submit #331313 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331313", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T05:41:05.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System range_grade_text.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4676", datePublished: "2024-05-09T13:00:06.678Z", dateReserved: "2024-05-09T03:35:47.952Z", dateUpdated: "2024-08-01T20:47:41.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4719
Vulnerability from cvelistv5
Published
2024-05-10 15:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263797 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263797 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263797 | signature, permissions-required | |
| https://vuldb.com/?submit.331885 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2042.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4719", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-20T19:42:57.240369Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-20T19:43:07.592Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.760Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263797 | Campcodes Complete Web-Based School Management System delete_record.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263797", }, { name: "VDB-263797 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263797", }, { name: "Submit #331885 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331885", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2042.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263797 was assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei /model/delete_record.php. Mittels Manipulieren des Arguments page mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T15:00:04.908Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263797 | Campcodes Complete Web-Based School Management System delete_record.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263797", }, { name: "VDB-263797 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263797", }, { name: "Submit #331885 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331885", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2042.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:24.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System delete_record.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4719", datePublished: "2024-05-10T15:00:04.908Z", dateReserved: "2024-05-10T05:37:59.309Z", dateUpdated: "2024-08-01T20:47:41.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4675
Vulnerability from cvelistv5
Published
2024-05-09 11:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/show_events.php. The manipulation of the argument event_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263596.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263596 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263596 | signature, permissions-required | |
| https://vuldb.com/?submit.331312 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4675", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T15:32:53.721763Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:54:06.450Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.391Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263596 | Campcodes Complete Web-Based School Management System show_events.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263596", }, { name: "VDB-263596 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263596", }, { name: "Submit #331312 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331312", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/show_events.php. The manipulation of the argument event_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263596.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalität der Datei /view/show_events.php. Durch die Manipulation des Arguments event_id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T11:31:04.138Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263596 | Campcodes Complete Web-Based School Management System show_events.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263596", }, { name: "VDB-263596 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263596", }, { name: "Submit #331312 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331312", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T05:41:04.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System show_events.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4675", datePublished: "2024-05-09T11:31:04.138Z", dateReserved: "2024-05-09T03:35:45.096Z", dateUpdated: "2024-08-01T20:47:41.391Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4513
Vulnerability from cvelistv5
Published
2024-05-06 01:31
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263117 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263117 | signature, permissions-required | |
| https://vuldb.com/?submit.329694 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4513", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-08T17:56:44.120178Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:09.458Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263117 | Campcodes Complete Web-Based School Management System timetable_update_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263117", }, { name: "VDB-263117 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263117", }, { name: "Submit #329694 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329694", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /view/timetable_update_form.php. Durch Manipulieren des Arguments grade mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T01:31:05.567Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263117 | Campcodes Complete Web-Based School Management System timetable_update_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263117", }, { name: "VDB-263117 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263117", }, { name: "Submit #329694 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329694", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T13:35:07.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System timetable_update_form.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4513", datePublished: "2024-05-06T01:31:05.567Z", dateReserved: "2024-05-05T11:29:37.446Z", dateUpdated: "2024-08-01T20:40:47.427Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4907
Vulnerability from cvelistv5
Published
2024-05-15 18:31
Modified
2024-08-01 20:55
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.264442 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.264442 | signature, permissions-required | |
| https://vuldb.com/?submit.333293 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4907", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T19:57:07.718978Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T19:57:16.156Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.308Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-264442 | Campcodes Complete Web-Based School Management System show_student2.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.264442", }, { name: "VDB-264442 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.264442", }, { name: "Submit #333293 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.333293", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /view/show_student2.php. Mit der Manipulation des Arguments grade mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T18:31:06.174Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-264442 | Campcodes Complete Web-Based School Management System show_student2.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.264442", }, { name: "VDB-264442 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.264442", }, { name: "Submit #333293 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.333293", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-15T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-15T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-15T13:22:23.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System show_student2.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4907", datePublished: "2024-05-15T18:31:06.174Z", dateReserved: "2024-05-15T11:17:04.260Z", dateUpdated: "2024-08-01T20:55:10.308Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4523
Vulnerability from cvelistv5
Published
2024-05-06 05:00
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263126 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263126 | signature, permissions-required | |
| https://vuldb.com/?submit.329769 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { lessThanOrEqual: "1.0", status: "affected", version: "-", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4523", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T19:30:28.950041Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:13.462Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.374Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263126 | Campcodes Complete Web-Based School Management System teacher_attendance_history1.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263126", }, { name: "VDB-263126 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263126", }, { name: "Submit #329769 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329769", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /view/teacher_attendance_history1.php. Mittels Manipulieren des Arguments year mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T05:00:05.183Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263126 | Campcodes Complete Web-Based School Management System teacher_attendance_history1.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263126", }, { name: "VDB-263126 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263126", }, { name: "Submit #329769 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329769", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T16:41:54.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_attendance_history1.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4523", datePublished: "2024-05-06T05:00:05.183Z", dateReserved: "2024-05-05T14:36:32.592Z", dateUpdated: "2024-08-01T20:40:47.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33807
Vulnerability from cvelistv5
Published
2024-05-28 15:51
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33807", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-06T15:25:22.619048Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T15:27:11.135Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:51:53.375Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33807", datePublished: "2024-05-28T15:51:52.990Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:50.888Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33403
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-11-13 17:23
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33403", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:23:05.699567Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-13T17:23:56.610Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.636Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T17:58:57.855487", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33403", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-23T00:00:00", dateUpdated: "2024-11-13T17:23:56.610Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33404
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-08-02 02:27
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:school_management_system_project:school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "school_management_system", vendor: "school_management_system_project", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33404", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T14:49:10.780793Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:45:26.055Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.685Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T17:38:20.505855", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33404", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-23T00:00:00", dateUpdated: "2024-08-02T02:27:53.685Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4715
Vulnerability from cvelistv5
Published
2024-05-10 12:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/update_grade.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263793 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263793 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263793 | signature, permissions-required | |
| https://vuldb.com/?submit.331881 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2038.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4715", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T18:30:42.438646Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:28.550Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.779Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263793 | Campcodes Complete Web-Based School Management System update_grade.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263793", }, { name: "VDB-263793 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263793", }, { name: "Submit #331881 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331881", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2038.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/update_grade.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263793 was assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /model/update_grade.php. Mit der Manipulation des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T12:00:06.077Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263793 | Campcodes Complete Web-Based School Management System update_grade.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263793", }, { name: "VDB-263793 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263793", }, { name: "Submit #331881 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331881", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2038.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:18.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System update_grade.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4715", datePublished: "2024-05-10T12:00:06.077Z", dateReserved: "2024-05-10T05:37:48.722Z", dateUpdated: "2024-08-01T20:47:41.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4650
Vulnerability from cvelistv5
Published
2024-05-08 13:31
Modified
2024-08-01 20:47
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263494 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263494 | signature, permissions-required | |
| https://vuldb.com/?submit.330124 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4650", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-08T15:48:26.634735Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:29.000Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.185Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263494 | Campcodes Complete Web-Based School Management System student_due_payment.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263494", }, { name: "VDB-263494 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263494", }, { name: "Submit #330124 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.330124", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /view/student_due_payment.php. Dank der Manipulation des Arguments due_month mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T13:31:07.133Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263494 | Campcodes Complete Web-Based School Management System student_due_payment.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263494", }, { name: "VDB-263494 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263494", }, { name: "Submit #330124 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.330124", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-08T08:02:47.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_due_payment.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4650", datePublished: "2024-05-08T13:31:07.133Z", dateReserved: "2024-05-08T05:57:30.100Z", dateUpdated: "2024-08-01T20:47:41.185Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34928
Vulnerability from cvelistv5
Published
2024-05-23 16:23
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34928", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-24T16:25:37.973306Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:42:43.521Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.679Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:23:35.213Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34928", datePublished: "2024-05-23T16:23:34.729Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:34.459Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5236
Vulnerability from cvelistv5
Published
2024-05-23 05:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265987.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265987 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265987 | signature, permissions-required | |
| https://vuldb.com/?submit.339812 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5236", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T19:25:51.248053Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T16:37:02.789Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:11.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265987 | Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265987", }, { name: "VDB-265987 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265987", }, { name: "Submit #339812 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.339812", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265987.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /view/teacher_salary_invoice1.php. Durch das Manipulieren des Arguments date mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T05:00:06.727Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265987 | Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265987", }, { name: "VDB-265987 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265987", }, { name: "Submit #339812 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.339812", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-22T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-22T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-22T22:37:19.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5236", datePublished: "2024-05-23T05:00:06.727Z", dateReserved: "2024-05-22T20:31:54.067Z", dateUpdated: "2024-08-01T21:03:11.123Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33800
Vulnerability from cvelistv5
Published
2024-05-28 15:47
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.807Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33800", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-04T19:56:42.625030Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T19:57:43.107Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:47:32.004Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33800", datePublished: "2024-05-28T15:47:31.694Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:46.694Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4646
Vulnerability from cvelistv5
Published
2024-05-08 12:31
Modified
2024-08-01 20:47
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263490 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263490 | signature, permissions-required | |
| https://vuldb.com/?submit.330120 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4646", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-08T14:15:31.980773Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:29.909Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.263Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263490 | Campcodes Complete Web-Based School Management System student_payment_details.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263490", }, { name: "VDB-263490 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263490", }, { name: "Submit #330120 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.330120", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /view/student_payment_details.php. Durch das Manipulieren des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T12:31:06.342Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263490 | Campcodes Complete Web-Based School Management System student_payment_details.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263490", }, { name: "VDB-263490 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263490", }, { name: "Submit #330120 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.330120", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-08T08:02:41.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_details.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4646", datePublished: "2024-05-08T12:31:06.342Z", dateReserved: "2024-05-08T05:57:18.993Z", dateUpdated: "2024-08-01T20:47:41.263Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4908
Vulnerability from cvelistv5
Published
2024-05-15 19:00
Modified
2024-08-01 20:55
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264443.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.264443 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.264443 | signature, permissions-required | |
| https://vuldb.com/?submit.333294 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4908", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T17:05:34.696589Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:43.088Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.259Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-264443 | Campcodes Complete Web-Based School Management System student_attendance_history1.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.264443", }, { name: "VDB-264443 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.264443", }, { name: "Submit #333294 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.333294", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264443.", }, { lang: "de", value: "Eine kritische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /view/student_attendance_history1.php. Durch die Manipulation des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T19:00:04.698Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-264443 | Campcodes Complete Web-Based School Management System student_attendance_history1.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.264443", }, { name: "VDB-264443 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.264443", }, { name: "Submit #333294 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.333294", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-15T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-15T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-15T13:22:25.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_attendance_history1.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4908", datePublished: "2024-05-15T19:00:04.698Z", dateReserved: "2024-05-15T11:17:06.886Z", dateUpdated: "2024-08-01T20:55:10.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33802
Vulnerability from cvelistv5
Published
2024-05-28 15:49
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33802", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-29T14:58:27.525095Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T15:01:14.617Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.560Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:49:09.820Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33802", datePublished: "2024-05-28T15:49:09.545Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:47.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33410
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-08-02 02:27
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33410", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T15:02:51.035333Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:44:01.604Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.625Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T18:08:08.313696", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33410", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-23T00:00:00", dateUpdated: "2024-08-02T02:27:53.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5233
Vulnerability from cvelistv5
Published
2024-05-23 04:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/teacher_salary_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265984.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265984 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265984 | signature, permissions-required | |
| https://vuldb.com/?submit.339809 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5233", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-23T19:20:23.757746Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:19.401Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:11.032Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265984 | Campcodes Complete Web-Based School Management System teacher_salary_details3.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265984", }, { name: "VDB-265984 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265984", }, { name: "Submit #339809 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.339809", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/teacher_salary_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265984.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /view/teacher_salary_details3.php. Durch Manipulation des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T04:31:03.834Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265984 | Campcodes Complete Web-Based School Management System teacher_salary_details3.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265984", }, { name: "VDB-265984 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265984", }, { name: "Submit #339809 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.339809", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-22T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-22T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-22T22:37:15.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_details3.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5233", datePublished: "2024-05-23T04:31:03.834Z", dateReserved: "2024-05-22T20:31:45.497Z", dateUpdated: "2024-08-01T21:03:11.032Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33409
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-12-03 19:47
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33409", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T19:46:27.895326Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T19:47:27.329Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T18:07:06.922718", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf", }, { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33409", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-23T00:00:00", dateUpdated: "2024-12-03T19:47:27.329Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33801
Vulnerability from cvelistv5
Published
2024-05-28 15:48
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33801", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-29T16:17:51.582088Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:44:09.925Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:48:22.872Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33801", datePublished: "2024-05-28T15:48:22.517Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:47.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4909
Vulnerability from cvelistv5
Published
2024-05-15 19:00
Modified
2024-08-01 20:55
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.264444 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.264444 | signature, permissions-required | |
| https://vuldb.com/?submit.333295 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4909", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T16:01:49.617960Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:54:53.005Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.231Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-264444 | Campcodes Complete Web-Based School Management System student_due_payment.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.264444", }, { name: "VDB-264444 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.264444", }, { name: "Submit #333295 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.333295", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.", }, { lang: "de", value: "Es wurde eine kritische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /view/student_due_payment.php. Durch Manipulation des Arguments due_year mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T19:00:06.294Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-264444 | Campcodes Complete Web-Based School Management System student_due_payment.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.264444", }, { name: "VDB-264444 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.264444", }, { name: "Submit #333295 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.333295", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-15T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-15T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-15T13:22:26.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_due_payment.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4909", datePublished: "2024-05-15T19:00:06.294Z", dateReserved: "2024-05-15T11:17:09.654Z", dateUpdated: "2024-08-01T20:55:10.231Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4525
Vulnerability from cvelistv5
Published
2024-05-06 05:31
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263128 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263128 | signature, permissions-required | |
| https://vuldb.com/?submit.329771 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4525", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T13:44:13.777279Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:01.981Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263128 | Campcodes Complete Web-Based School Management System student_payment_details4.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263128", }, { name: "VDB-263128 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263128", }, { name: "Submit #329771 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329771", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /view/student_payment_details4.php. Durch Manipulieren des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T05:31:05.952Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263128 | Campcodes Complete Web-Based School Management System student_payment_details4.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263128", }, { name: "VDB-263128 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263128", }, { name: "Submit #329771 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329771", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T16:41:57.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_details4.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4525", datePublished: "2024-05-06T05:31:05.952Z", dateReserved: "2024-05-05T14:36:37.638Z", dateUpdated: "2024-08-01T20:40:47.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4717
Vulnerability from cvelistv5
Published
2024-05-10 14:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /model/update_classroom.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263795.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263795 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263795 | signature, permissions-required | |
| https://vuldb.com/?submit.331883 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2040.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4717", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T19:13:57.811933Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-30T14:51:02.468Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.753Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263795 | Campcodes Complete Web-Based School Management System update_classroom.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263795", }, { name: "VDB-263795 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263795", }, { name: "Submit #331883 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331883", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2040.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /model/update_classroom.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263795.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Davon betroffen ist unbekannter Code der Datei /model/update_classroom.php. Durch Manipulation des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T14:00:06.390Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263795 | Campcodes Complete Web-Based School Management System update_classroom.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263795", }, { name: "VDB-263795 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263795", }, { name: "Submit #331883 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331883", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2040.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:21.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System update_classroom.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4717", datePublished: "2024-05-10T14:00:06.390Z", dateReserved: "2024-05-10T05:37:53.996Z", dateUpdated: "2024-08-01T20:47:41.753Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34930
Vulnerability from cvelistv5
Published
2024-05-23 16:26
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34930", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T17:45:32.685319Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T17:48:39.089Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.618Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:26:05.275Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34930", datePublished: "2024-05-23T16:26:04.192Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:35.936Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5112
Vulnerability from cvelistv5
Published
2024-05-20 02:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265102 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265102 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265102 | signature, permissions-required | |
| https://vuldb.com/?submit.338516 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5112", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T12:04:42.950294Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:01.329Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265102 | Campcodes Complete Web-Based School Management System student_profile.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265102", }, { name: "VDB-265102 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265102", }, { name: "Submit #338516 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338516", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265102 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /view/student_profile.php. Mit der Manipulation des Arguments std_index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-20T02:00:04.760Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265102 | Campcodes Complete Web-Based School Management System student_profile.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265102", }, { name: "VDB-265102 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265102", }, { name: "Submit #338516 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338516", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:43.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_profile.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5112", datePublished: "2024-05-20T02:00:04.760Z", dateReserved: "2024-05-19T04:57:14.904Z", dateUpdated: "2024-08-01T21:03:10.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4911
Vulnerability from cvelistv5
Published
2024-05-15 20:31
Modified
2024-08-01 20:55
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument exam leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264446 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.264446 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.264446 | signature, permissions-required | |
| https://vuldb.com/?submit.333297 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4911", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-18T15:21:47.404655Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-18T15:23:39.010Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-264446 | Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.264446", }, { name: "VDB-264446 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.264446", }, { name: "Submit #333297 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.333297", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument exam leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264446 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Eine kritische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /view/student_exam_mark_update_form.php. Mittels Manipulieren des Arguments exam mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T20:31:04.293Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-264446 | Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.264446", }, { name: "VDB-264446 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.264446", }, { name: "Submit #333297 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.333297", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-15T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-15T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-15T13:22:29.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4911", datePublished: "2024-05-15T20:31:04.293Z", dateReserved: "2024-05-15T11:17:15.203Z", dateUpdated: "2024-08-01T20:55:10.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4720
Vulnerability from cvelistv5
Published
2024-05-10 15:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263798 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263798 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263798 | signature, permissions-required | |
| https://vuldb.com/?submit.331886 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4720", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T18:17:12.127310Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:20.643Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.708Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263798 | Campcodes Complete Web-Based School Management System approve_petty_cash.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263798", }, { name: "VDB-263798 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263798", }, { name: "Submit #331886 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331886", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263798 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /model/approve_petty_cash.php. Durch das Manipulieren des Arguments admin_index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T15:00:06.457Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263798 | Campcodes Complete Web-Based School Management System approve_petty_cash.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263798", }, { name: "VDB-263798 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263798", }, { name: "Submit #331886 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331886", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:26.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System approve_petty_cash.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4720", datePublished: "2024-05-10T15:00:06.457Z", dateReserved: "2024-05-10T05:38:02.025Z", dateUpdated: "2024-08-01T20:47:41.708Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33411
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2025-02-04 16:59
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33411", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T17:39:51.503277Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T16:59:21.676Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.631Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T18:08:53.705Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33411", datePublished: "2024-05-06T00:00:00.000Z", dateReserved: "2024-04-23T00:00:00.000Z", dateUpdated: "2025-02-04T16:59:21.676Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4522
Vulnerability from cvelistv5
Published
2024-05-06 04:31
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263125 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263125 | signature, permissions-required | |
| https://vuldb.com/?submit.329768 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4522", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-24T16:21:37.678519Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:15.116Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.336Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263125 | Campcodes Complete Web-Based School Management System teacher_salary_details.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263125", }, { name: "VDB-263125 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263125", }, { name: "Submit #329768 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329768", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht näher bekannte Funktion der Datei /view/teacher_salary_details.php. Mittels dem Manipulieren des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T04:31:05.116Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263125 | Campcodes Complete Web-Based School Management System teacher_salary_details.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263125", }, { name: "VDB-263125 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263125", }, { name: "Submit #329768 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329768", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T16:41:53.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_details.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4522", datePublished: "2024-05-06T04:31:05.116Z", dateReserved: "2024-05-05T14:36:29.789Z", dateUpdated: "2024-08-01T20:40:47.336Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33799
Vulnerability from cvelistv5
Published
2024-05-28 15:46
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.565Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33799", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-22T18:29:41.341369Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-22T18:36:13.257Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:46:40.947Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33799", datePublished: "2024-05-28T15:46:40.588Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:46.153Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4906
Vulnerability from cvelistv5
Published
2024-05-15 18:31
Modified
2024-08-01 20:55
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264441 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.264441 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.264441 | signature, permissions-required | |
| https://vuldb.com/?submit.333292 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4906", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T18:28:32.372132Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:54:27.006Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.234Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-264441 | Campcodes Complete Web-Based School Management System show_student1.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.264441", }, { name: "VDB-264441 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.264441", }, { name: "Submit #333292 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.333292", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264441 was assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine kritische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /view/show_student1.php. Dank Manipulation des Arguments grade mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T18:31:04.662Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-264441 | Campcodes Complete Web-Based School Management System show_student1.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.264441", }, { name: "VDB-264441 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.264441", }, { name: "Submit #333292 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.333292", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-15T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-15T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-15T13:22:21.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System show_student1.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4906", datePublished: "2024-05-15T18:31:04.662Z", dateReserved: "2024-05-15T11:17:02.423Z", dateUpdated: "2024-08-01T20:55:10.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33805
Vulnerability from cvelistv5
Published
2024-05-28 15:50
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33805", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-30T18:40:56.105092Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:45:23.041Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:50:46.119Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33805", datePublished: "2024-05-28T15:50:45.809Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:49.706Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5111
Vulnerability from cvelistv5
Published
2024-05-20 01:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/student_payment_invoice1.php. The manipulation of the argument date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265101 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265101 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265101 | signature, permissions-required | |
| https://vuldb.com/?submit.338515 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5111", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T19:00:20.226197Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:01:42.022Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.663Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265101 | Campcodes Complete Web-Based School Management System student_payment_invoice1.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265101", }, { name: "VDB-265101 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265101", }, { name: "Submit #338515 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338515", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/student_payment_invoice1.php. The manipulation of the argument date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265101 was assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /view/student_payment_invoice1.php. Dank Manipulation des Arguments date mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-20T01:31:03.941Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265101 | Campcodes Complete Web-Based School Management System student_payment_invoice1.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265101", }, { name: "VDB-265101 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265101", }, { name: "Submit #338515 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338515", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:41.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_invoice1.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5111", datePublished: "2024-05-20T01:31:03.941Z", dateReserved: "2024-05-19T04:57:12.232Z", dateUpdated: "2024-08-01T21:03:10.663Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5235
Vulnerability from cvelistv5
Published
2024-05-23 05:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_invoice.php. The manipulation of the argument teacher_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265986 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265986 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265986 | signature, permissions-required | |
| https://vuldb.com/?submit.339811 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5235", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-23T19:39:54.291854Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:01:52.413Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:11.052Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265986 | Campcodes Complete Web-Based School Management System teacher_salary_invoice.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265986", }, { name: "VDB-265986 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265986", }, { name: "Submit #339811 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.339811", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_invoice.php. The manipulation of the argument teacher_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265986 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine kritische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /view/teacher_salary_invoice.php. Mittels Manipulieren des Arguments teacher_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T05:00:05.167Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265986 | Campcodes Complete Web-Based School Management System teacher_salary_invoice.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265986", }, { name: "VDB-265986 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265986", }, { name: "Submit #339811 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.339811", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-22T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-22T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-22T22:37:18.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_invoice.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5235", datePublished: "2024-05-23T05:00:05.167Z", dateReserved: "2024-05-22T20:31:51.036Z", dateUpdated: "2024-08-01T21:03:11.052Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34932
Vulnerability from cvelistv5
Published
2024-05-23 16:33
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34932", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T15:38:28.287380Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-20T15:39:10.953Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.610Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:33:14.811Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34932", datePublished: "2024-05-23T16:33:14.447Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:37.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4651
Vulnerability from cvelistv5
Published
2024-05-08 14:00
Modified
2024-08-01 20:47
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263495 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263495 | signature, permissions-required | |
| https://vuldb.com/?submit.330125 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4651", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-20T19:52:35.823557Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-20T19:52:52.655Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263495 | Campcodes Complete Web-Based School Management System student_attendance_history1.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263495", }, { name: "VDB-263495 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263495", }, { name: "Submit #330125 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.330125", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /view/student_attendance_history1.php. Dank Manipulation des Arguments year mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T14:00:04.423Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263495 | Campcodes Complete Web-Based School Management System student_attendance_history1.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263495", }, { name: "VDB-263495 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263495", }, { name: "Submit #330125 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.330125", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-08T08:02:48.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_attendance_history1.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4651", datePublished: "2024-05-08T14:00:04.423Z", dateReserved: "2024-05-08T05:57:32.745Z", dateUpdated: "2024-08-01T20:47:41.674Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5104
Vulnerability from cvelistv5
Published
2024-05-19 22:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265094 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265094 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265094 | signature, permissions-required | |
| https://vuldb.com/?submit.338507 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5104", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T14:47:01.057720Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:00.099Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265094 | Campcodes Complete Web-Based School Management System student_grade_wise.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265094", }, { name: "VDB-265094 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265094", }, { name: "Submit #338507 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338507", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265094 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Eine kritische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /view/student_grade_wise.php. Mittels dem Manipulieren des Arguments grade mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-19T22:00:04.318Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265094 | Campcodes Complete Web-Based School Management System student_grade_wise.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265094", }, { name: "VDB-265094 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265094", }, { name: "Submit #338507 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338507", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:31.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_grade_wise.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5104", datePublished: "2024-05-19T22:00:04.318Z", dateReserved: "2024-05-19T04:56:51.860Z", dateUpdated: "2024-08-01T21:03:10.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5103
Vulnerability from cvelistv5
Published
2024-05-19 20:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265093 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265093 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265093 | signature, permissions-required | |
| https://vuldb.com/?submit.338506 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5103", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T17:10:43.487343Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:32.829Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.768Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265093 | Campcodes Complete Web-Based School Management System student_first_payment.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265093", }, { name: "VDB-265093 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265093", }, { name: "Submit #338506 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338506", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265093 was assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /view/student_first_payment.php. Durch Manipulation des Arguments grade mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-19T20:31:04.330Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265093 | Campcodes Complete Web-Based School Management System student_first_payment.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265093", }, { name: "VDB-265093 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265093", }, { name: "Submit #338506 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338506", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:29.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_first_payment.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5103", datePublished: "2024-05-19T20:31:04.330Z", dateReserved: "2024-05-19T04:56:49.242Z", dateUpdated: "2024-08-01T21:03:10.768Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4673
Vulnerability from cvelistv5
Published
2024-05-09 10:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/show_student_grade_subject.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263594 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263594 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263594 | signature, permissions-required | |
| https://vuldb.com/?submit.331308 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4673", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T15:37:31.600503Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:27.873Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.274Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263594 | Campcodes Complete Web-Based School Management System show_student_grade_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263594", }, { name: "VDB-263594 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263594", }, { name: "Submit #331308 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331308", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/show_student_grade_subject.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263594 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /view/show_student_grade_subject.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T10:00:05.386Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263594 | Campcodes Complete Web-Based School Management System show_student_grade_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263594", }, { name: "VDB-263594 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263594", }, { name: "Submit #331308 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331308", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T05:41:01.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System show_student_grade_subject.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4673", datePublished: "2024-05-09T10:00:05.386Z", dateReserved: "2024-05-09T03:35:39.211Z", dateUpdated: "2024-08-01T20:47:41.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4515
Vulnerability from cvelistv5
Published
2024-05-06 02:00
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263119 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263119 | signature, permissions-required | |
| https://vuldb.com/?submit.329696 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4515", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T14:51:04.569199Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:52.780Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263119 | Campcodes Complete Web-Based School Management System timetable_grade_wise.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263119", }, { name: "VDB-263119 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263119", }, { name: "Submit #329696 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329696", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /view/timetable_grade_wise.php. Durch Beeinflussen des Arguments grade mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T02:00:06.414Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263119 | Campcodes Complete Web-Based School Management System timetable_grade_wise.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263119", }, { name: "VDB-263119 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263119", }, { name: "Submit #329696 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329696", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T13:35:11.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System timetable_grade_wise.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4515", datePublished: "2024-05-06T02:00:06.414Z", dateReserved: "2024-05-05T11:29:44.339Z", dateUpdated: "2024-08-01T20:40:47.423Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4521
Vulnerability from cvelistv5
Published
2024-05-06 04:31
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263124 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263124 | signature, permissions-required | |
| https://vuldb.com/?submit.329767 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4521", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T20:03:20.787875Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:13.988Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263124 | Campcodes Complete Web-Based School Management System teacher_salary_details2.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263124", }, { name: "VDB-263124 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263124", }, { name: "Submit #329767 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329767", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /view/teacher_salary_details2.php. Durch Manipulation des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T04:31:03.752Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263124 | Campcodes Complete Web-Based School Management System teacher_salary_details2.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263124", }, { name: "VDB-263124 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263124", }, { name: "Submit #329767 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329767", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T16:41:51.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_details2.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4521", datePublished: "2024-05-06T04:31:03.752Z", dateReserved: "2024-05-05T14:36:25.961Z", dateUpdated: "2024-08-01T20:40:47.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5109
Vulnerability from cvelistv5
Published
2024-05-20 00:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265099.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265099 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265099 | signature, permissions-required | |
| https://vuldb.com/?submit.338513 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5109", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T14:00:03.994090Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:54.583Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265099 | Campcodes Complete Web-Based School Management System student_payment_history.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265099", }, { name: "VDB-265099 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265099", }, { name: "Submit #338513 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338513", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265099.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /view/student_payment_history.php. Durch Beeinflussen des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-20T00:31:03.863Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265099 | Campcodes Complete Web-Based School Management System student_payment_history.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265099", }, { name: "VDB-265099 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265099", }, { name: "Submit #338513 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338513", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:38.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_history.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5109", datePublished: "2024-05-20T00:31:03.863Z", dateReserved: "2024-05-19T04:57:06.332Z", dateUpdated: "2024-08-01T21:03:10.993Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4686
Vulnerability from cvelistv5
Published
2024-05-09 20:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263627.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263627 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263627 | signature, permissions-required | |
| https://vuldb.com/?submit.331776 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2033.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4686", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-20T19:49:26.425562Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-20T19:49:34.500Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.552Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263627 | Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263627", }, { name: "VDB-263627 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263627", }, { name: "Submit #331776 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331776", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2033.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263627.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /view/emarks_range_grade_update_form.php. Dank Manipulation des Arguments grade mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T20:31:04.626Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263627 | Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263627", }, { name: "VDB-263627 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263627", }, { name: "Submit #331776 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331776", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2033.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-09T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-09T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T10:55:37.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4686", datePublished: "2024-05-09T20:31:04.626Z", dateReserved: "2024-05-09T08:50:16.832Z", dateUpdated: "2024-08-01T20:47:41.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5110
Vulnerability from cvelistv5
Published
2024-05-20 01:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/student_payment_invoice.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265100.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265100 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265100 | signature, permissions-required | |
| https://vuldb.com/?submit.338514 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5110", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-22T19:41:32.522658Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-15T15:26:18.795Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.707Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265100 | Campcodes Complete Web-Based School Management System student_payment_invoice.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265100", }, { name: "VDB-265100 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265100", }, { name: "Submit #338514 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338514", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/student_payment_invoice.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265100.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /view/student_payment_invoice.php. Dank der Manipulation des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-20T01:00:04.242Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265100 | Campcodes Complete Web-Based School Management System student_payment_invoice.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265100", }, { name: "VDB-265100 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265100", }, { name: "Submit #338514 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338514", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:40.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_invoice.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5110", datePublished: "2024-05-20T01:00:04.242Z", dateReserved: "2024-05-19T04:57:09.073Z", dateUpdated: "2024-08-01T21:03:10.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5114
Vulnerability from cvelistv5
Published
2024-05-20 03:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265104.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265104 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265104 | signature, permissions-required | |
| https://vuldb.com/?submit.338518 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5114", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-22T17:14:13.894090Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:36.739Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265104 | Campcodes Complete Web-Based School Management System teacher_attendance_history1.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265104", }, { name: "VDB-265104 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265104", }, { name: "Submit #338518 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338518", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265104.", }, { lang: "de", value: "Es wurde eine kritische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /view/teacher_attendance_history1.php. Durch Manipulation des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-20T03:00:04.848Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265104 | Campcodes Complete Web-Based School Management System teacher_attendance_history1.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265104", }, { name: "VDB-265104 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265104", }, { name: "Submit #338518 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338518", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:46.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_attendance_history1.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5114", datePublished: "2024-05-20T03:00:04.848Z", dateReserved: "2024-05-19T04:57:20.799Z", dateUpdated: "2024-08-01T21:03:10.672Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33402
Vulnerability from cvelistv5
Published
2024-05-28 17:57
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33402", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-05T20:46:56.426994Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-05T20:48:28.130Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.626Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T17:57:41.632Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33402", datePublished: "2024-05-28T17:57:41.315Z", dateReserved: "2024-04-23T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:36.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4517
Vulnerability from cvelistv5
Published
2024-05-06 03:00
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263121 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263121 | signature, permissions-required | |
| https://vuldb.com/?submit.329698 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4517", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T20:42:52.905724Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:07.290Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263121 | Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263121", }, { name: "VDB-263121 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263121", }, { name: "Submit #329698 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329698", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /view/teacher_salary_invoice1.php. Dank Manipulation des Arguments date mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T03:00:04.084Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263121 | Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263121", }, { name: "VDB-263121 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263121", }, { name: "Submit #329698 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329698", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T13:35:14.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_invoice1.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4517", datePublished: "2024-05-06T03:00:04.084Z", dateReserved: "2024-05-05T11:29:49.733Z", dateUpdated: "2024-08-01T20:40:47.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34933
Vulnerability from cvelistv5
Published
2024-05-23 16:33
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "unknown", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34933", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T17:55:29.263660Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T17:58:08.077Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.664Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:33:35.391Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34933", datePublished: "2024-05-23T16:33:35.078Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:37.570Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34934
Vulnerability from cvelistv5
Published
2024-05-23 16:33
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.620Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34934", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-20T14:16:57.681320Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T14:18:19.387Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:33:58.412Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34934", datePublished: "2024-05-23T16:33:58.084Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:38.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34927
Vulnerability from cvelistv5
Published
2024-05-23 16:22
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34927", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-24T14:56:42.897267Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:55.603Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:22:36.587Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34927", datePublished: "2024-05-23T16:22:36.239Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:33.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4722
Vulnerability from cvelistv5
Published
2024-05-10 16:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument category leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263800.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263800 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263800 | signature, permissions-required | |
| https://vuldb.com/?submit.331888 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4722", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T17:32:18.696823Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:06.148Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263800 | Campcodes Complete Web-Based School Management System index.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263800", }, { name: "VDB-263800 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263800", }, { name: "Submit #331888 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331888", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument category leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263800.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei index.php. Durch das Beeinflussen des Arguments category mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T16:00:04.633Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263800 | Campcodes Complete Web-Based School Management System index.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263800", }, { name: "VDB-263800 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263800", }, { name: "Submit #331888 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331888", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:28.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System index.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4722", datePublished: "2024-05-10T16:00:04.633Z", dateReserved: "2024-05-10T05:38:07.632Z", dateUpdated: "2024-08-01T20:47:41.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5105
Vulnerability from cvelistv5
Published
2024-05-19 22:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265095.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265095 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265095 | signature, permissions-required | |
| https://vuldb.com/?submit.338508 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5105", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T14:00:41.716147Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:50.741Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.689Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265095 | Campcodes Complete Web-Based School Management System student_payment_details.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265095", }, { name: "VDB-265095 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265095", }, { name: "Submit #338508 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338508", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265095.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /view/student_payment_details.php. Mittels Manipulieren des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-19T22:31:04.156Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265095 | Campcodes Complete Web-Based School Management System student_payment_details.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265095", }, { name: "VDB-265095 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265095", }, { name: "Submit #338508 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338508", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:33.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_details.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5105", datePublished: "2024-05-19T22:31:04.156Z", dateReserved: "2024-05-19T04:56:54.462Z", dateUpdated: "2024-08-01T21:03:10.689Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4910
Vulnerability from cvelistv5
Published
2024-05-15 20:00
Modified
2024-08-01 20:55
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.264445 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.264445 | signature, permissions-required | |
| https://vuldb.com/?submit.333296 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4910", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T15:31:52.981066Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:54:24.399Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:55:10.286Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-264445 | Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.264445", }, { name: "VDB-264445 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.264445", }, { name: "Submit #333296 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.333296", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei /view/student_exam_mark_insert_form1.php. Mittels dem Manipulieren des Arguments grade mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T20:00:06.027Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-264445 | Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.264445", }, { name: "VDB-264445 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.264445", }, { name: "Submit #333296 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.333296", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-15T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-15T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-15T13:22:48.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4910", datePublished: "2024-05-15T20:00:06.027Z", dateReserved: "2024-05-15T11:17:12.517Z", dateUpdated: "2024-08-01T20:55:10.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4519
Vulnerability from cvelistv5
Published
2024-05-06 04:00
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263123 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263123 | signature, permissions-required | |
| https://vuldb.com/?submit.329700 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4519", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T14:31:48.332204Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:04.398Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.429Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263123 | Campcodes Complete Web-Based School Management System teacher_salary_details3.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263123", }, { name: "VDB-263123 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263123", }, { name: "Submit #329700 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329700", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /view/teacher_salary_details3.php. Durch die Manipulation des Arguments month mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T04:00:04.691Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263123 | Campcodes Complete Web-Based School Management System teacher_salary_details3.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263123", }, { name: "VDB-263123 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263123", }, { name: "Submit #329700 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329700", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T13:35:16.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_details3.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4519", datePublished: "2024-05-06T04:00:04.691Z", dateReserved: "2024-05-05T11:29:55.909Z", dateUpdated: "2024-08-01T20:40:47.429Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4716
Vulnerability from cvelistv5
Published
2024-05-10 13:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /model/update_exam.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263794 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263794 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263794 | signature, permissions-required | |
| https://vuldb.com/?submit.331882 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2039.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4716", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T14:35:50.363742Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:01.962Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.778Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263794 | Campcodes Complete Web-Based School Management System update_exam.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263794", }, { name: "VDB-263794 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263794", }, { name: "Submit #331882 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331882", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2039.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /model/update_exam.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263794 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /model/update_exam.php. Durch die Manipulation des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T13:00:04.645Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263794 | Campcodes Complete Web-Based School Management System update_exam.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263794", }, { name: "VDB-263794 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263794", }, { name: "Submit #331882 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331882", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2039.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:19.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System update_exam.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4716", datePublished: "2024-05-10T13:00:04.645Z", dateReserved: "2024-05-10T05:37:51.373Z", dateUpdated: "2024-08-01T20:47:41.778Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4674
Vulnerability from cvelistv5
Published
2024-05-09 11:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_friend_request.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263595.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263595 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263595 | signature, permissions-required | |
| https://vuldb.com/?submit.331310 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4674", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T18:24:10.124456Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:54:36.522Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263595 | Campcodes Complete Web-Based School Management System show_friend_request.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263595", }, { name: "VDB-263595 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263595", }, { name: "Submit #331310 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331310", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_friend_request.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263595.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 gefunden. Es betrifft eine unbekannte Funktion der Datei /view/show_friend_request.php. Mit der Manipulation des Arguments my_index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T11:00:05.041Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263595 | Campcodes Complete Web-Based School Management System show_friend_request.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263595", }, { name: "VDB-263595 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263595", }, { name: "Submit #331310 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331310", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T05:41:02.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System show_friend_request.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4674", datePublished: "2024-05-09T11:00:05.041Z", dateReserved: "2024-05-09T03:35:42.112Z", dateUpdated: "2024-08-01T20:47:41.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5232
Vulnerability from cvelistv5
Published
2024-05-23 03:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265983.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265983 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265983 | signature, permissions-required | |
| https://vuldb.com/?submit.339808 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5232", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-23T15:32:22.283986Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:02.198Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:11.072Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265983 | Campcodes Complete Web-Based School Management System teacher_salary_details2.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265983", }, { name: "VDB-265983 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265983", }, { name: "Submit #339808 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.339808", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265983.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /view/teacher_salary_details2.php. Durch die Manipulation des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T03:31:03.710Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265983 | Campcodes Complete Web-Based School Management System teacher_salary_details2.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265983", }, { name: "VDB-265983 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265983", }, { name: "Submit #339808 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.339808", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-22T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-22T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-22T22:37:13.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_details2.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5232", datePublished: "2024-05-23T03:31:03.710Z", dateReserved: "2024-05-22T20:31:42.566Z", dateUpdated: "2024-08-01T21:03:11.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4524
Vulnerability from cvelistv5
Published
2024-05-06 05:31
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263127 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263127 | signature, permissions-required | |
| https://vuldb.com/?submit.329770 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4524", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T16:07:16.613317Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:34.540Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.359Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263127 | Campcodes Complete Web-Based School Management System student_payment_invoice.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263127", }, { name: "VDB-263127 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263127", }, { name: "Submit #329770 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329770", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /view/student_payment_invoice.php. Durch das Manipulieren des Arguments desc mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T05:31:04.504Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263127 | Campcodes Complete Web-Based School Management System student_payment_invoice.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263127", }, { name: "VDB-263127 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263127", }, { name: "Submit #329770 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329770", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T16:41:56.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_invoice.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4524", datePublished: "2024-05-06T05:31:04.504Z", dateReserved: "2024-05-05T14:36:35.125Z", dateUpdated: "2024-08-01T20:40:47.359Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4518
Vulnerability from cvelistv5
Published
2024-05-06 03:31
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263122 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263122 | signature, permissions-required | |
| https://vuldb.com/?submit.329699 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4518", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-18T15:20:00.632517Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-18T15:20:24.036Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.434Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263122 | Campcodes Complete Web-Based School Management System teacher_salary_invoice.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263122", }, { name: "VDB-263122 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263122", }, { name: "Submit #329699 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329699", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /view/teacher_salary_invoice.php. Mit der Manipulation des Arguments desc mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T03:31:03.694Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263122 | Campcodes Complete Web-Based School Management System teacher_salary_invoice.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263122", }, { name: "VDB-263122 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263122", }, { name: "Submit #329699 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329699", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T13:35:15.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_invoice.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4518", datePublished: "2024-05-06T03:31:03.694Z", dateReserved: "2024-05-05T11:29:52.415Z", dateUpdated: "2024-08-01T20:40:47.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4516
Vulnerability from cvelistv5
Published
2024-05-06 02:31
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263120 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263120 | signature, permissions-required | |
| https://vuldb.com/?submit.329697 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { lessThanOrEqual: "1.0", status: "affected", version: "-", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4516", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T19:33:15.321122Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:44.152Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263120 | Campcodes Complete Web-Based School Management System timetable.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263120", }, { name: "VDB-263120 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263120", }, { name: "Submit #329697 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329697", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /view/timetable.php. Dank der Manipulation des Arguments grade mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T02:31:04.369Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263120 | Campcodes Complete Web-Based School Management System timetable.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263120", }, { name: "VDB-263120 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263120", }, { name: "Submit #329697 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329697", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T13:35:12.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System timetable.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4516", datePublished: "2024-05-06T02:31:04.369Z", dateReserved: "2024-05-05T11:29:47.222Z", dateUpdated: "2024-08-01T20:40:47.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4683
Vulnerability from cvelistv5
Published
2024-05-09 18:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/exam_timetable_insert_form.php. The manipulation of the argument exam leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263624.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263624 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263624 | signature, permissions-required | |
| https://vuldb.com/?submit.331773 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4683", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T13:18:21.977064Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:27.266Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263624 | Campcodes Complete Web-Based School Management System exam_timetable_insert_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263624", }, { name: "VDB-263624 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263624", }, { name: "Submit #331773 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331773", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/exam_timetable_insert_form.php. The manipulation of the argument exam leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263624.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /view/exam_timetable_insert_form.php. Durch das Beeinflussen des Arguments exam mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T18:31:03.718Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263624 | Campcodes Complete Web-Based School Management System exam_timetable_insert_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263624", }, { name: "VDB-263624 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263624", }, { name: "Submit #331773 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331773", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-09T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-09T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T10:55:32.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System exam_timetable_insert_form.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4683", datePublished: "2024-05-09T18:31:03.718Z", dateReserved: "2024-05-09T08:50:08.902Z", dateUpdated: "2024-08-01T20:47:41.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4648
Vulnerability from cvelistv5
Published
2024-05-08 13:00
Modified
2024-08-01 20:47
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263492 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263492 | signature, permissions-required | |
| https://vuldb.com/?submit.330122 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "-", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4648", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-08T14:47:05.790686Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:37.170Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263492 | Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263492", }, { name: "VDB-263492 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263492", }, { name: "Submit #330122 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.330122", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492.", }, { lang: "de", value: "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /view/student_exam_mark_update_form.php. Durch das Beeinflussen des Arguments std_index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T13:00:07.159Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263492 | Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263492", }, { name: "VDB-263492 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263492", }, { name: "Submit #330122 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.330122", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-08T08:02:44.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4648", datePublished: "2024-05-08T13:00:07.159Z", dateReserved: "2024-05-08T05:57:24.628Z", dateUpdated: "2024-08-01T20:47:41.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4672
Vulnerability from cvelistv5
Published
2024-05-09 03:52
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/show_student_subject.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263593 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263593 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263593 | signature, permissions-required | |
| https://vuldb.com/?submit.331307 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4672", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T15:31:09.858372Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:30.126Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.550Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263593 | Campcodes Complete Web-Based School Management System show_student_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263593", }, { name: "VDB-263593 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263593", }, { name: "Submit #331307 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331307", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/show_student_subject.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263593 was assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /view/show_student_subject.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T03:52:09.858Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263593 | Campcodes Complete Web-Based School Management System show_student_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263593", }, { name: "VDB-263593 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263593", }, { name: "Submit #331307 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331307", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T05:41:00.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System show_student_subject.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4672", datePublished: "2024-05-09T03:52:09.858Z", dateReserved: "2024-05-09T03:35:36.352Z", dateUpdated: "2024-08-01T20:47:41.550Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5106
Vulnerability from cvelistv5
Published
2024-05-19 23:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_payment_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265096.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265096 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265096 | signature, permissions-required | |
| https://vuldb.com/?submit.338509 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5106", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-18T15:59:40.391410Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T20:47:22.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.426Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265096 | Campcodes Complete Web-Based School Management System student_payment_details3.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265096", }, { name: "VDB-265096 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265096", }, { name: "Submit #338509 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338509", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_payment_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265096.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /view/student_payment_details3.php. Durch das Manipulieren des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-19T23:00:05.440Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265096 | Campcodes Complete Web-Based School Management System student_payment_details3.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265096", }, { name: "VDB-265096 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265096", }, { name: "Submit #338509 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338509", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:34.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_payment_details3.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5106", datePublished: "2024-05-19T23:00:05.440Z", dateReserved: "2024-05-19T04:56:57.752Z", dateUpdated: "2024-08-01T21:03:10.426Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4677
Vulnerability from cvelistv5
Published
2024-05-09 13:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263598 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263598 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263598 | signature, permissions-required | |
| https://vuldb.com/?submit.331314 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4677", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T15:32:45.592886Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:54:50.459Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.458Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263598 | Campcodes Complete Web-Based School Management System my_student_exam_marks1.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263598", }, { name: "VDB-263598 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263598", }, { name: "Submit #331314 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331314", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263598 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /view/my_student_exam_marks1.php. Mittels dem Manipulieren des Arguments year mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T13:31:03.959Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263598 | Campcodes Complete Web-Based School Management System my_student_exam_marks1.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263598", }, { name: "VDB-263598 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263598", }, { name: "Submit #331314 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331314", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T05:41:06.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System my_student_exam_marks1.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4677", datePublished: "2024-05-09T13:31:03.959Z", dateReserved: "2024-05-09T03:35:50.924Z", dateUpdated: "2024-08-01T20:47:41.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33808
Vulnerability from cvelistv5
Published
2024-05-28 15:52
Modified
2025-02-13 15:52
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T02:36:04.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33808", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-20T15:25:31.413062Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T15:27:53.132Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T15:52:39.074Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33808", datePublished: "2024-05-28T15:52:38.753Z", dateReserved: "2024-04-26T00:00:00.000Z", dateUpdated: "2025-02-13T15:52:51.386Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4687
Vulnerability from cvelistv5
Published
2024-05-09 21:00
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/create_events.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263628.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263628 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263628 | signature, permissions-required | |
| https://vuldb.com/?submit.331777 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2034.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4687", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-11T17:42:26.953407Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:45.118Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.214Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263628 | Campcodes Complete Web-Based School Management System create_events.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263628", }, { name: "VDB-263628 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263628", }, { name: "Submit #331777 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331777", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2034.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/create_events.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263628.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /view/create_events.php. Mit der Manipulation des Arguments my_index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T21:00:04.607Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263628 | Campcodes Complete Web-Based School Management System create_events.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263628", }, { name: "VDB-263628 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263628", }, { name: "Submit #331777 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331777", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2034.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-09T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-09T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T10:55:38.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System create_events.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4687", datePublished: "2024-05-09T21:00:04.607Z", dateReserved: "2024-05-09T08:50:19.766Z", dateUpdated: "2024-08-01T20:47:41.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5115
Vulnerability from cvelistv5
Published
2024-05-20 03:31
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265105 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265105 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265105 | signature, permissions-required | |
| https://vuldb.com/?submit.338519 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5115", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-21T15:12:19.417643Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:30.725Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.817Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265105 | Campcodes Complete Web-Based School Management System teacher_profile.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265105", }, { name: "VDB-265105 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265105", }, { name: "Submit #338519 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.338519", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265105 was assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht näher bekannte Funktion der Datei /view/teacher_profile.php. Mittels dem Manipulieren des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-20T03:31:04.109Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265105 | Campcodes Complete Web-Based School Management System teacher_profile.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265105", }, { name: "VDB-265105 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265105", }, { name: "Submit #338519 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.338519", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-19T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-19T07:02:47.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_profile.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5115", datePublished: "2024-05-20T03:31:04.109Z", dateReserved: "2024-05-19T04:57:23.725Z", dateUpdated: "2024-08-01T21:03:10.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4514
Vulnerability from cvelistv5
Published
2024-05-06 02:00
Modified
2024-08-01 20:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263118 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263118 | signature, permissions-required | |
| https://vuldb.com/?submit.329695 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4514", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T13:41:38.663243Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:33.868Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263118 | Campcodes Complete Web-Based School Management System timetable_insert_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263118", }, { name: "VDB-263118 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263118", }, { name: "Submit #329695 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.329695", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /view/timetable_insert_form.php. Durch das Beeinflussen des Arguments grade mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T02:00:04.978Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263118 | Campcodes Complete Web-Based School Management System timetable_insert_form.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263118", }, { name: "VDB-263118 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263118", }, { name: "Submit #329695 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.329695", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-05T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-05T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-05T13:35:09.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System timetable_insert_form.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4514", datePublished: "2024-05-06T02:00:04.978Z", dateReserved: "2024-05-05T11:29:40.033Z", dateUpdated: "2024-08-01T20:40:47.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5231
Vulnerability from cvelistv5
Published
2024-05-23 03:00
Modified
2024-08-01 21:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265982 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.265982 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.265982 | signature, permissions-required | |
| https://vuldb.com/?submit.339807 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5231", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-23T16:16:27.712428Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:02:42.353Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:11.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-265982 | Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.265982", }, { name: "VDB-265982 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.265982", }, { name: "Submit #339807 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.339807", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265982 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "Eine Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /view/teacher_salary_details.php. Mit der Manipulation des Arguments index mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T03:00:04.303Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-265982 | Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.265982", }, { name: "VDB-265982 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.265982", }, { name: "Submit #339807 | Campcodes Complete Web-Based School Management System ≤1.0 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.339807", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-22T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-22T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-22T22:37:12.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System teacher_salary_details.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-5231", datePublished: "2024-05-23T03:00:04.303Z", dateReserved: "2024-05-22T20:31:40.363Z", dateUpdated: "2024-08-01T21:03:11.116Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4647
Vulnerability from cvelistv5
Published
2024-05-08 13:00
Modified
2024-08-01 20:47
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263491 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263491 | signature, permissions-required | |
| https://vuldb.com/?submit.330121 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4647", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-08T14:45:54.803529Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:57.859Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.390Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263491 | Campcodes Complete Web-Based School Management System student_first_payment.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263491", }, { name: "VDB-263491 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263491", }, { name: "Submit #330121 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.330121", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalität der Datei /view/student_first_payment.php. Durch Manipulieren des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T13:00:05.269Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263491 | Campcodes Complete Web-Based School Management System student_first_payment.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263491", }, { name: "VDB-263491 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263491", }, { name: "Submit #330121 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.330121", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-08T08:02:42.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System student_first_payment.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4647", datePublished: "2024-05-08T13:00:05.269Z", dateReserved: "2024-05-08T05:57:21.719Z", dateUpdated: "2024-08-01T20:47:41.390Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4652
Vulnerability from cvelistv5
Published
2024-05-08 14:00
Modified
2024-08-01 20:47
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263496 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263496 | signature, permissions-required | |
| https://vuldb.com/?submit.330126 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4652", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-08T17:34:58.075915Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:53:51.652Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.390Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263496 | Campcodes Complete Web-Based School Management System show_teacher2.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263496", }, { name: "VDB-263496 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263496", }, { name: "Submit #330126 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.330126", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /view/show_teacher2.php. Mit der Manipulation des Arguments month mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-08T14:00:06.006Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263496 | Campcodes Complete Web-Based School Management System show_teacher2.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263496", }, { name: "VDB-263496 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263496", }, { name: "Submit #330126 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.330126", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-08T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-08T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-08T08:02:49.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System show_teacher2.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4652", datePublished: "2024-05-08T14:00:06.006Z", dateReserved: "2024-05-08T05:57:35.732Z", dateUpdated: "2024-08-01T20:47:41.390Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4688
Vulnerability from cvelistv5
Published
2024-05-09 21:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/conversation_history_admin.php. The manipulation of the argument conversation_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263629 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263629 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263629 | signature, permissions-required | |
| https://vuldb.com/?submit.331778 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2035.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4688", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-20T19:48:48.368511Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-20T19:48:56.623Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.395Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263629 | Campcodes Complete Web-Based School Management System conversation_history_admin.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263629", }, { name: "VDB-263629 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263629", }, { name: "Submit #331778 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331778", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2035.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/conversation_history_admin.php. The manipulation of the argument conversation_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263629 was assigned to this vulnerability.", }, { lang: "de", value: "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /view/conversation_history_admin.php. Durch die Manipulation des Arguments conversation_id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T21:31:04.552Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263629 | Campcodes Complete Web-Based School Management System conversation_history_admin.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263629", }, { name: "VDB-263629 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263629", }, { name: "Submit #331778 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331778", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2035.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-09T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-09T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T10:55:40.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System conversation_history_admin.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4688", datePublished: "2024-05-09T21:31:04.552Z", dateReserved: "2024-05-09T08:50:23.500Z", dateUpdated: "2024-08-01T20:47:41.395Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4684
Vulnerability from cvelistv5
Published
2024-05-09 19:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/exam_timetable_grade_wise.php. The manipulation of the argument exam leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263625 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263625 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263625 | signature, permissions-required | |
| https://vuldb.com/?submit.331774 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2031.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4684", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T13:51:47.813161Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:55:53.632Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.227Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263625 | Campcodes Complete Web-Based School Management System exam_timetable_grade_wise.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263625", }, { name: "VDB-263625 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263625", }, { name: "Submit #331774 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331774", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2031.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/exam_timetable_grade_wise.php. The manipulation of the argument exam leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263625 was assigned to this vulnerability.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /view/exam_timetable_grade_wise.php. Durch Beeinflussen des Arguments exam mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-09T19:31:03.717Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263625 | Campcodes Complete Web-Based School Management System exam_timetable_grade_wise.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263625", }, { name: "VDB-263625 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263625", }, { name: "Submit #331774 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331774", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2031.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-09T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-09T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-09T10:55:33.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System exam_timetable_grade_wise.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4684", datePublished: "2024-05-09T19:31:03.717Z", dateReserved: "2024-05-09T08:50:11.688Z", dateUpdated: "2024-08-01T20:47:41.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34929
Vulnerability from cvelistv5
Published
2024-05-23 16:25
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34929", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T13:19:46.419401Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-24T13:20:43.402Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.584Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:25:18.755Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34929", datePublished: "2024-05-23T16:25:18.387Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:35.037Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34935
Vulnerability from cvelistv5
Published
2024-05-23 16:34
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34935", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T13:37:02.512761Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-24T13:37:41.024Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:59:22.636Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-23T16:34:29.183Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34935", datePublished: "2024-05-23T16:34:28.795Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:38.722Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4721
Vulnerability from cvelistv5
Published
2024-05-10 15:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263799.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263799 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263799 | signature, permissions-required | |
| https://vuldb.com/?submit.331887 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-4721", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T18:16:30.726081Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T15:50:27.087Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.769Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263799 | Campcodes Complete Web-Based School Management System add_student_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263799", }, { name: "VDB-263799 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263799", }, { name: "Submit #331887 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331887", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263799.", }, { lang: "de", value: "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /model/add_student_subject.php. Durch Manipulieren des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T15:31:04.610Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263799 | Campcodes Complete Web-Based School Management System add_student_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263799", }, { name: "VDB-263799 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263799", }, { name: "Submit #331887 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331887", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:27.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System add_student_subject.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4721", datePublished: "2024-05-10T15:31:04.610Z", dateReserved: "2024-05-10T05:38:04.641Z", dateUpdated: "2024-08-01T20:47:41.769Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4718
Vulnerability from cvelistv5
Published
2024-05-10 14:31
Modified
2024-08-01 20:47
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263796.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.263796 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.263796 | signature, permissions-required | |
| https://vuldb.com/?submit.331884 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2041.pdf | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Campcodes | Complete Web-Based School Management System |
Version: 1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:campcodes:complete_web-based_school_management_system:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "complete_web-based_school_management_system", vendor: "campcodes", versions: [ { lessThanOrEqual: "1.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4718", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T16:17:06.988735Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T19:51:45.498Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:47:41.664Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VDB-263796 | Campcodes Complete Web-Based School Management System delete_student_grade_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.263796", }, { name: "VDB-263796 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.263796", }, { name: "Submit #331884 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", "x_transferred", ], url: "https://vuldb.com/?submit.331884", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2041.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Complete Web-Based School Management System", vendor: "Campcodes", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263796.", }, { lang: "de", value: "Es wurde eine problematische Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei /model/delete_student_grade_subject.php. Mittels dem Manipulieren des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Cross Site Scripting", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T14:31:04.027Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-263796 | Campcodes Complete Web-Based School Management System delete_student_grade_subject.php cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.263796", }, { name: "VDB-263796 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.263796", }, { name: "Submit #331884 | Campcodes Complete Web-Based School Management System ≤1.0 XSS injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.331884", }, { tags: [ "exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2041.pdf", }, ], timeline: [ { lang: "en", time: "2024-05-10T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-05-10T02:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-05-10T07:43:22.000Z", value: "VulDB entry last update", }, ], title: "Campcodes Complete Web-Based School Management System delete_student_grade_subject.php cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-4718", datePublished: "2024-05-10T14:31:04.027Z", dateReserved: "2024-05-10T05:37:56.547Z", dateUpdated: "2024-08-01T20:47:41.664Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-05-20 02:15
Modified
2025-02-21 20:12
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/student_payment_invoice.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265100.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265100 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265100 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338514 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265100 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265100 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338514 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/student_payment_invoice.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265100.", }, { lang: "es", value: " Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/student_paid_invoice.php es afectada por esta vulnerabilidad. La manipulación del argumento index conduce a la inyección de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-265100.", }, ], id: "CVE-2024-5110", lastModified: "2025-02-21T20:12:32.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T02:15:09.103", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265100", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265100", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338514", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338514", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 04:15
Modified
2025-02-27 01:52
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265983.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265983 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265983 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339808 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265983 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265983 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339808 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265983.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como crítica. Esto afecta a una parte desconocida del archivo /view/teacher_salary_details2.php. La manipulación del índice del argumento conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-265983.", }, ], id: "CVE-2024-5232", lastModified: "2025-02-27T01:52:40.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T04:15:09.410", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265983", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265983", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339808", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339808", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:08
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/show_student_subject.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263593 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263593 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263593 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331307 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263593 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263593 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331307 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/show_student_subject.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263593 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/show_student_subject.php es afectada por esta vulnerabilidad. La manipulación del argumento id conduce a Cross Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263593.", }, ], id: "CVE-2024-4672", lastModified: "2025-02-19T18:08:25.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:15.660", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263593", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263593", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331307", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331307", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en add_friends.php en campcodes Complete Web-Based School Management System 1.0 permite al atacante ejecutar comandos SQL arbitrarios a través del parámetro friend_index.", }, ], id: "CVE-2024-33405", lastModified: "2025-03-25T17:20:43.913", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:08.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /view/find_friends.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro my_index.", }, ], id: "CVE-2024-34929", lastModified: "2025-03-25T17:19:57.043", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:29.550", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:06
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/find_friends.php. The manipulation of the argument my_type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263599.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263599 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263599 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331315 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263599 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263599 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331315 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/find_friends.php. The manipulation of the argument my_type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263599.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada problemática. Una función desconocida del archivo /view/find_friends.php es afectada por esta vulnerabilidad. La manipulación del argumento my_type conduce a Cross Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263599.", }, ], id: "CVE-2024-4678", lastModified: "2025-02-19T18:06:05.967", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:19.620", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263599", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263599", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331315", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-15 19:15
Modified
2025-02-20 21:13
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264443.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.264443 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.264443 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.333294 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.264443 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.264443 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.333294 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264443.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Este problema afecta un procesamiento desconocido del archivo /view/student_attendance_history1.php. La manipulación del índice del argumento conduce a la inyección de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-264443.", }, ], id: "CVE-2024-4908", lastModified: "2025-02-20T21:13:10.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-15T19:15:08.980", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264443", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264443", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264443", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264443", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333294", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/update_grade.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro admission_fee.", }, ], id: "CVE-2024-34933", lastModified: "2025-03-25T17:19:35.307", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:30.107", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:39
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/create_events.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263628.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2034.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263628 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263628 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331777 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2034.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263628 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263628 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331777 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/create_events.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263628.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/create_events.php es afectada por esta vulnerabilidad. La manipulación del argumento my_index conduce a Cross Site Scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263628.", }, ], id: "CVE-2024-4687", lastModified: "2025-02-19T18:39:56.967", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:24.323", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2034.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263628", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263628", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2034.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331777", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:37
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/exam_timetable_grade_wise.php. The manipulation of the argument exam leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263625 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2031.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263625 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263625 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331774 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2031.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263625 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263625 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331774 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/exam_timetable_grade_wise.php. The manipulation of the argument exam leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263625 was assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como problemática. Esto afecta a una parte desconocida del archivo /view/exam_timetable_grade_wise.php. La manipulación del examen de argumentos conduce a Cross Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263625.", }, ], id: "CVE-2024-4684", lastModified: "2025-02-19T18:37:48.787", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:22.293", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2031.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263625", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263625", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331774", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2031.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331774", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:18
Severity ?
Summary
A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_grade.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33806", lastModified: "2025-03-25T17:18:42.710", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.620", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /view/event1.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro mes.", }, ], id: "CVE-2024-34936", lastModified: "2025-03-25T17:19:20.710", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:30.363", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-20 20:50
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263799.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263799 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263799 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331887 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263799 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263799 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331887 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263799.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esto afecta a una parte desconocida del archivo /model/add_student_subject.php. La manipulación del índice de argumentos conduce a Cross Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263799.", }, ], id: "CVE-2024-4721", lastModified: "2025-02-20T20:50:03.710", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:33.033", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263799", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263799", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331887", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331887", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 06:15
Modified
2025-03-01 01:43
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265988.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265988 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265988 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339813 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265988 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265988 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339813 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265988.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/timetable_grade_wise.php es afectada por esta vulnerabilidad. La manipulación del grado del argumento conduce a la inyección de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-265988.", }, ], id: "CVE-2024-5237", lastModified: "2025-03-01T01:43:09.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T06:15:11.953", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265988", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265988", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339813", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339813", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 06:15
Modified
2025-02-19 18:02
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263128 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263128 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329771 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263128 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263128 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329771 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esta vulnerabilidad afecta a un código desconocido del archivo /view/student_paid_details4.php. La manipulación del índice de argumentos conduce a cross site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263128.", }, ], id: "CVE-2024-4525", lastModified: "2025-02-19T18:02:57.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T06:15:07.663", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263128", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263128", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329771", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329771", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_admin_profile.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro my_index.", }, ], id: "CVE-2024-33411", lastModified: "2025-03-25T17:20:15.283", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:08.347", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:14
Severity ?
Summary
A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_teacher_timetable.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro de calificación.", }, ], id: "CVE-2024-33807", lastModified: "2025-03-25T17:14:05.797", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.690", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /view/conversation_history_admin.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro conversation_id.", }, ], id: "CVE-2024-34935", lastModified: "2025-03-25T17:19:25.137", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:30.280", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:36
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/exam_timetable_update_form.php. The manipulation of the argument exam leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263623.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263623 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263623 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331772 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263623 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263623 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331772 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/exam_timetable_update_form.php. The manipulation of the argument exam leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263623.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/exam_timetable_update_form.php es afectada por esta vulnerabilidad. La manipulación del examen de argumentos conduce a Cross Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263623.", }, ], id: "CVE-2024-4682", lastModified: "2025-02-19T18:36:57.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:20.960", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263623", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263623", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331772", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /view/emarks_range_grade_update_form.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro conversation_id.", }, ], id: "CVE-2024-34934", lastModified: "2025-03-25T17:19:30.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:30.197", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-20 00:15
Modified
2025-02-21 21:18
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_payment_details2.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265097 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265097 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265097 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338511 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265097 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265097 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338511 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_payment_details2.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265097 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Este problema afecta un procesamiento desconocido del archivo /view/student_paid_details2.php. La manipulación del argumento index conduce a la inyección de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-265097.", }, ], id: "CVE-2024-5107", lastModified: "2025-02-21T21:18:28.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T00:15:54.997", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265097", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265097", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338511", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338511", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-15 21:15
Modified
2025-02-20 21:31
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument exam leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264446 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.264446 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.264446 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.333297 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.264446 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.264446 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.333297 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument exam leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264446 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido calificado como crítico. Una función desconocida del archivo /view/student_exam_mark_update_form.php es afectada por esta vulnerabilidad. La manipulación del examen de argumentos conduce a la inyección de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-264446 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4911", lastModified: "2025-02-20T21:31:52.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-15T21:15:08.447", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264446", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264446", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264446", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264446", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333297", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-08 14:15
Modified
2025-02-19 18:08
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263494 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263494 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.330124 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263494 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263494 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.330124 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esta vulnerabilidad afecta a un código desconocido del archivo /view/student_due_paid.php. La manipulación del argumento due_month conduce a cross site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263494 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4650", lastModified: "2025-02-19T18:08:51.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-08T14:15:09.337", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263494", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263494", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330124", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-08 14:15
Modified
2025-02-19 18:09
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263495 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263495 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.330125 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263495 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263495 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.330125 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Este problema afecta un procesamiento desconocido del archivo /view/student_attendance_history1.php. La manipulación del argumento año conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263495.", }, ], id: "CVE-2024-4651", lastModified: "2025-02-19T18:09:07.263", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-08T14:15:09.563", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263495", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263495", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330125", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-15 19:15
Modified
2025-02-20 21:11
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.264442 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.264442 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.333293 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.264442 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.264442 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.333293 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Esta vulnerabilidad afecta al código desconocido del archivo /view/show_student2.php. La manipulación del grado del argumento conduce a la inyección de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-264442 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4907", lastModified: "2025-02-20T21:11:55.467", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-15T19:15:08.607", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264442", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264442", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333293", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 05:15
Modified
2025-02-27 01:48
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/teacher_salary_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265984.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265984 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265984 | VDB Entry, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?submit.339809 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265984 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265984 | VDB Entry, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339809 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/teacher_salary_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265984.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada crítica. Esta vulnerabilidad afecta a un código desconocido del archivo /view/teacher_salary_details3.php. La manipulación del índice del argumento conduce a la inyección de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-265984.", }, ], id: "CVE-2024-5233", lastModified: "2025-02-27T01:48:53.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T05:15:49.360", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265984", }, { source: "cna@vuldb.com", tags: [ "VDB Entry", "Third Party Advisory", ], url: "https://vuldb.com/?id.265984", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Third Party Advisory", ], url: "https://vuldb.com/?id.265984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339809", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 05:15
Modified
2025-02-19 18:02
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263126 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263126 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329769 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263126 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263126 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329769 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/teacher_attendance_history1.php es afectada por esta vulnerabilidad. La manipulación del argumento año conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263126 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4523", lastModified: "2025-02-19T18:02:04.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T05:15:07.083", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263126", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263126", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329769", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 03:15
Modified
2025-02-19 17:59
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263120 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263120 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329697 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263120 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263120 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329697 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/timetable.php es afectada por esta vulnerabilidad. La manipulación de la calificación del argumento conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263120.", }, ], id: "CVE-2024-4516", lastModified: "2025-02-19T17:59:43.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T03:15:10.063", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263120", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263120", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329697", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-19 23:15
Modified
2025-03-05 16:18
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265095.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265095 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265095 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338508 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265095 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265095 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338508 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_details.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265095.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Esto afecta a una parte desconocida del archivo /view/student_paid_details.php. La manipulación del argumento index conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-265095.", }, ], id: "CVE-2024-5105", lastModified: "2025-03-05T16:18:19.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-19T23:15:07.320", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265095", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265095", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338508", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338508", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en /model/delete_record.php en campcodes Complete Web-Based School Management System 1.0 permite al atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33407", lastModified: "2025-03-25T17:20:35.300", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:08.120", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-15 20:15
Modified
2025-02-20 21:25
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.264445 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.264445 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.333296 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.264445 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.264445 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.333296 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada crítica. Una función desconocida del archivo /view/student_exam_mark_insert_form1.php es afectada por esta vulnerabilidad. La manipulación del grado del argumento conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-264445.", }, ], id: "CVE-2024-4910", lastModified: "2025-02-20T21:25:32.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-15T20:15:14.167", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264445", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264445", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333296", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-19 22:15
Modified
2025-03-05 16:16
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265094 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265094 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265094 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338507 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265094 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265094 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338507 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265094 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido calificada como crítica. Una función desconocida del archivo /view/student_grade_wise.php es afectada por esta vulnerabilidad. La manipulación del argumento grade conduce a la inyección de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-265094 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-5104", lastModified: "2025-03-05T16:16:58.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-19T22:15:24.520", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265094", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265094", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338507", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338507", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:18
Severity ?
Summary
A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_subject.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33804", lastModified: "2025-03-25T17:18:52.123", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.480", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_student1.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro index.", }, ], id: "CVE-2024-33800", lastModified: "2025-03-25T17:19:11.513", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.010", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_subject_routing.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33801", lastModified: "2025-03-25T17:19:04.297", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.077", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en index.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro de nombre.", }, ], id: "CVE-2024-33409", lastModified: "2025-03-25T17:20:28.087", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:08.230", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 19:03
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263797 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2042.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263797 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263797 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331885 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2042.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263797 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263797 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331885 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263797 was assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada problemática. Una función desconocida del archivo /model/delete_record.php es afectada por esta vulnerabilidad. La manipulación de la página de argumentos conduce a Cross Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263797.", }, ], id: "CVE-2024-4719", lastModified: "2025-02-19T19:03:18.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:31.847", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2042.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263797", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263797", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2042.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331885", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_classroom.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33408", lastModified: "2025-03-25T17:20:32.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:08.170", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:40
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/conversation_history_admin.php. The manipulation of the argument conversation_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263629 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2035.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263629 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263629 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331778 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2035.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263629 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263629 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331778 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/conversation_history_admin.php. The manipulation of the argument conversation_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263629 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/conversation_history_admin.php es afectada por esta vulnerabilidad. La manipulación del argumento id_conversación conduce a Cross Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263629.", }, ], id: "CVE-2024-4688", lastModified: "2025-02-19T18:40:17.157", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:24.953", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2035.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263629", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263629", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2035.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331778", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-19 23:15
Modified
2025-03-05 16:18
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_payment_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265096.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265096 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265096 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338509 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265096 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265096 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338509 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_payment_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265096.", }, { lang: "es", value: " Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Esta vulnerabilidad afecta a un código desconocido del archivo /view/student_paid_details3.php. La manipulación del argumento index conduce a la inyección de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-265096.", }, ], id: "CVE-2024-5106", lastModified: "2025-03-05T16:18:39.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-19T23:15:07.600", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265096", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265096", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338509", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 06:15
Modified
2025-02-19 18:02
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263127 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263127 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329770 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263127 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263127 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329770 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esto afecta a una parte desconocida del archivo /view/student_paid_invoice.php. La manipulación del argumento desc conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263127.", }, ], id: "CVE-2024-4524", lastModified: "2025-02-19T18:02:32.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T06:15:07.257", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263127", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263127", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263127", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263127", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329770", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-20 20:23
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263798 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263798 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263798 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331886 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263798 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263798 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331886 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263798 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido calificado como problemático. Una función desconocida del archivo /model/approve_petty_cash.php es afectada por esta vulnerabilidad. La manipulación del argumento admin_index conduce a Cross Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263798 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4720", lastModified: "2025-02-20T20:23:38.033", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:32.470", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263798", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263798", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331886", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263798", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263798", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331886", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:07
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_friend_request.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263595.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263595 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263595 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331310 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263595 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263595 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331310 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_friend_request.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263595.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esto afecta a una parte desconocida del archivo /view/show_friend_request.php. La manipulación del argumento my_index conduce a Cross Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263595.", }, ], id: "CVE-2024-4674", lastModified: "2025-02-19T18:07:22.000", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:17.163", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263595", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263595", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331310", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263595", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263595", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331310", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:18
Severity ?
Summary
A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_student.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33805", lastModified: "2025-03-25T17:18:48.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.547", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 03:15
Modified
2025-02-19 18:00
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263121 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263121 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329698 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263121 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263121 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329698 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como problemática. Esto afecta a una parte desconocida del archivo /view/teacher_salary_invoice1.php. La manipulación de la fecha del argumento conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263121.", }, ], id: "CVE-2024-4517", lastModified: "2025-02-19T18:00:12.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T03:15:10.347", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263121", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263121", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329698", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329698", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-19 21:15
Modified
2025-03-05 16:16
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265093 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265093 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265093 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338506 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265093 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265093 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338506 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265093 was assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada crítica. Una función desconocida del archivo /view/student_first_paid.php es afectada por esta vulnerabilidad. La manipulación del argumento grade conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-265093.", }, ], id: "CVE-2024-5103", lastModified: "2025-03-05T16:16:37.367", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-19T21:15:06.893", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265093", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265093", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338506", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 05:15
Modified
2025-02-27 11:22
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_invoice.php. The manipulation of the argument teacher_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265986 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265986 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265986 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339811 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265986 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265986 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339811 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_invoice.php. The manipulation of the argument teacher_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265986 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/teacher_salary_invoice.php es afectada por esta vulnerabilidad. La manipulación del argumento teacher_id conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-265986 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-5235", lastModified: "2025-02-27T11:22:52.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T05:15:49.947", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265986", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265986", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265986", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265986", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339811", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/update_exam.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro de nombre.", }, ], id: "CVE-2024-34932", lastModified: "2025-03-25T17:19:40.843", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:30.017", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2022.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 04:15
Modified
2025-02-19 18:00
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263122 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263122 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329699 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263122 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263122 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329699 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada problemática. Esta vulnerabilidad afecta a un código desconocido del archivo /view/teacher_salary_invoice.php. La manipulación del argumento desc conduce a cross site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263122 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4518", lastModified: "2025-02-19T18:00:39.067", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T04:15:07.487", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263122", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263122", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329699", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 02:15
Modified
2025-02-19 17:50
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263118 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263118 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329695 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263118 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263118 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329695 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/timetable_insert_form.php es afectada por esta vulnerabilidad. La manipulación de la calificación del argumento conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263118 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4514", lastModified: "2025-02-19T17:50:48.497", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T02:15:07.327", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263118", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263118", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329695", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-08 13:15
Modified
2025-02-19 18:04
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263492 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263492 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.330122 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263492 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263492 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.330122 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido calificada como problemática. Una función desconocida del archivo /view/student_exam_mark_update_form.php es afectada por esta vulnerabilidad. La manipulación del argumento std_index conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263492.", }, ], id: "CVE-2024-4648", lastModified: "2025-02-19T18:04:02.307", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-08T13:15:08.740", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263492", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263492", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263492", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263492", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330122", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en /model/delete_range_grade.php en campcodes Complete Web-Based School Management System 1.0 permite al atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33410", lastModified: "2025-03-25T17:20:24.067", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:08.283", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:06
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/show_events.php. The manipulation of the argument event_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263596.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263596 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263596 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331312 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263596 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263596 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331312 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/show_events.php. The manipulation of the argument event_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263596.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esta vulnerabilidad afecta a un código desconocido del archivo /view/show_events.php. La manipulación del argumento event_id conduce a Cross Site Scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263596.", }, ], id: "CVE-2024-4675", lastModified: "2025-02-19T18:06:59.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:17.840", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263596", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263596", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331312", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 06:15
Modified
2025-02-19 18:05
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263129 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263129 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329772 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263129 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263129 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329772 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Este problema afecta un procesamiento desconocido del archivo /view/student_paid_details3.php. La manipulación del argumento mes conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263129.", }, ], id: "CVE-2024-4526", lastModified: "2025-02-19T18:05:18.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T06:15:08.107", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263129", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263129", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329772", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_student_subject.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro index.", }, ], id: "CVE-2024-33802", lastModified: "2025-03-25T17:19:00.500", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.347", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 19:00
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /model/update_exam.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263794 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2039.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263794 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263794 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331882 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2039.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263794 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263794 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331882 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /model/update_exam.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263794 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esta vulnerabilidad afecta a un código desconocido del archivo /model/update_exam.php. La manipulación del nombre del argumento conduce a Cross Site Scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263794 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4716", lastModified: "2025-02-19T19:00:17.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:29.790", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2039.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263794", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263794", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2039.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331882", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 03:15
Modified
2025-02-27 01:54
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265982 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265982 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265982 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339807 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265982 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265982 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339807 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265982 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/teacher_salary_details.php es afectada por esta vulnerabilidad. La manipulación del índice del argumento conduce a la inyección de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-265982 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-5231", lastModified: "2025-02-27T01:54:11.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T03:15:08.307", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265982", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265982", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339807", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339807", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 06:15
Modified
2025-03-01 01:47
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265990 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265990 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265990 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339815 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265990 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265990 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339815 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265990 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Esta vulnerabilidad afecta a un código desconocido del archivo /view/timetable_update_form.php. La manipulación del grado del argumento conduce a la inyección de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-265990 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-5239", lastModified: "2025-03-01T01:47:12.047", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T06:15:13.557", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265990", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265990", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265990", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265990", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339815", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:39
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263627.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2033.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263627 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263627 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331776 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2033.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263627 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263627 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331776 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263627.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido calificado como problemático. Este problema afecta un procesamiento desconocido del archivo /view/emarks_range_grade_update_form.php. La manipulación de la calificación del argumento conduce a Cross Site Scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263627.", }, ], id: "CVE-2024-4686", lastModified: "2025-02-19T18:39:28.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:23.723", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2033.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263627", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263627", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331776", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2033.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263627", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263627", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331776", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-20 00:15
Modified
2025-02-21 21:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/student_payment_details4.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265098 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265098 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265098 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338512 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265098 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265098 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338512 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/student_payment_details4.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265098 is the identifier assigned to this vulnerability.", }, { lang: "es", value: " Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/student_paid_details4.php es afectada por esta vulnerabilidad. La manipulación del argumento index conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-265098 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-5108", lastModified: "2025-02-21T21:14:08.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T00:15:57.907", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265098", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265098", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338512", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338512", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:37
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/exam_timetable_insert_form.php. The manipulation of the argument exam leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263624.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263624 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263624 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331773 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263624 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263624 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331773 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/exam_timetable_insert_form.php. The manipulation of the argument exam leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263624.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/exam_timetable_insert_form.php es afectada por esta vulnerabilidad. La manipulación del examen de argumentos conduce a Cross Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263624.", }, ], id: "CVE-2024-4683", lastModified: "2025-02-19T18:37:21.063", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:21.663", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263624", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263624", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331773", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-20 02:15
Modified
2025-02-21 20:06
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265102 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265102 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265102 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338516 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265102 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265102 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338516 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265102 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada crítica. Esta vulnerabilidad afecta al código desconocido del archivo /view/student_profile.php. La manipulación del argumento std_index conduce a la inyección de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-265102 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-5112", lastModified: "2025-02-21T20:06:52.563", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T02:15:09.613", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265102", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265102", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2017.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338516", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:06
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263598 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263598 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263598 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331314 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263598 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263598 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331314 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263598 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como problemática. Una función desconocida del archivo /view/my_student_exam_marks1.php es afectada por esta vulnerabilidad. La manipulación del argumento año conduce a Cross Site Scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263598 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4677", lastModified: "2025-02-19T18:06:26.043", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:19.093", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263598", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263598", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331314", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2027.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331314", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 06:15
Modified
2025-03-01 01:44
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265989 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265989 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265989 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339814 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265989 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265989 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339814 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265989 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Esto afecta a una parte desconocida del archivo /view/timetable_insert_form.php. La manipulación del grado del argumento conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-265989.", }, ], id: "CVE-2024-5238", lastModified: "2025-03-01T01:44:46.590", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T06:15:12.920", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265989", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265989", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2028.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339814", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 02:15
Modified
2025-02-19 18:00
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263117 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263117 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329694 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263117 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263117 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329694 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Este problema afecta un procesamiento desconocido del archivo /view/timetable_update_form.php. La manipulación de la calificación del argumento conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263117.", }, ], id: "CVE-2024-4513", lastModified: "2025-02-19T18:00:11.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T02:15:07.043", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263117", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263117", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329694", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 05:15
Modified
2025-02-27 14:55
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265987.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265987 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265987 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339812 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265987 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265987 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339812 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265987.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/teacher_salary_invoice1.php es afectada por esta vulnerabilidad. La manipulación del argumento fecha conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-265987.", }, ], id: "CVE-2024-5236", lastModified: "2025-02-27T14:55:50.787", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T05:15:50.203", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265987", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265987", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339812", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-20 01:15
Modified
2025-02-21 20:22
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265099.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265099 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265099 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338513 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265099 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265099 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338513 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265099.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/student_paid_history.php es afectada por esta vulnerabilidad. La manipulación del argumento index conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-265099.", }, ], id: "CVE-2024-5109", lastModified: "2025-02-21T20:22:51.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T01:15:08.923", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265099", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265099", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338513", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265099", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265099", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338513", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 05:15
Modified
2025-03-01 01:41
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/teacher_salary_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265985 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265985 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265985 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339810 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265985 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265985 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339810 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/teacher_salary_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265985 was assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido calificada como crítica. Este problema afecta un procesamiento desconocido del archivo /view/teacher_salary_history1.php. La manipulación del índice del argumento conduce a la inyección de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-265985.", }, ], id: "CVE-2024-5234", lastModified: "2025-03-01T01:41:29.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T05:15:49.693", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265985", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265985", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339810", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección SQL en /model/delete_student_grade_subject.php en campcodes Complete Web-Based School Management System 1.0 permite al atacante ejecutar comandos SQL arbitrarios a través del parámetro index.", }, ], id: "CVE-2024-33406", lastModified: "2025-03-25T17:20:38.690", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:08.067", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 18:15
Modified
2025-03-25 17:13
Severity ?
Summary
A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/approve_petty_cash.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33402", lastModified: "2025-03-25T17:13:49.303", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T18:15:09.010", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-20 03:15
Modified
2025-02-21 20:01
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/student_profile1.php. The manipulation of the argument std_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265103.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265103 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265103 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338517 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265103 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265103 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338517 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/student_profile1.php. The manipulation of the argument std_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265103.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido calificada como crítica. Este problema afecta un procesamiento desconocido del archivo /view/student_profile1.php. La manipulación del argumento std_index conduce a la inyección de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-265103.", }, ], id: "CVE-2024-5113", lastModified: "2025-02-21T20:01:00.100", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T03:15:08.867", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265103", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265103", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338517", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:20
Severity ?
Summary
A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/update_subject_routing.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro de calificación.", }, ], id: "CVE-2024-34928", lastModified: "2025-03-25T17:20:01.637", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:29.460", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2025.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-20 04:15
Modified
2025-02-21 20:51
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265105 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265105 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265105 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338519 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265105 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265105 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338519 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265105 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/teacher_profile.php es afectada por esta vulnerabilidad. La manipulación del argumento index conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-265105.", }, ], id: "CVE-2024-5115", lastModified: "2025-02-21T20:51:40.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T04:15:08.747", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265105", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265105", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338519", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338519", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:57
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /model/update_subject.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263792.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2037.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263792 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263792 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331880 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2037.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263792 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263792 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331880 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /model/update_subject.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263792.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /model/update_subject.php es afectada por esta vulnerabilidad. La manipulación del nombre del argumento conduce a Cross Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263792.", }, ], id: "CVE-2024-4714", lastModified: "2025-02-19T18:57:48.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:28.660", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2037.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263792", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263792", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2037.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263792", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263792", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331880", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 19:01
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /model/update_classroom.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263795.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2040.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263795 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263795 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331883 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2040.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263795 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263795 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331883 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /model/update_classroom.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263795.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Este problema afecta un procesamiento desconocido del archivo /model/update_classroom.php. La manipulación del nombre del argumento conduce a Cross Site Scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263795.", }, ], id: "CVE-2024-4717", lastModified: "2025-02-19T19:01:11.497", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:30.490", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2040.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263795", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263795", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331883", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2040.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331883", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:51
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/update_grade.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263793 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2038.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263793 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263793 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331881 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2038.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263793 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263793 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331881 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/update_grade.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263793 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esto afecta a una parte desconocida del archivo /model/update_grade.php. La manipulación del nombre del argumento conduce a Cross Site Scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263793.", }, ], id: "CVE-2024-4715", lastModified: "2025-02-19T18:51:31.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:29.180", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2038.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263793", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263793", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2038.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331881", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-08 13:15
Modified
2025-02-19 18:04
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263491 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263491 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.330121 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263491 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263491 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.330121 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada problemática. Una función desconocida del archivo /view/student_first_paid.php es afectada por esta vulnerabilidad. La manipulación del índice de argumentos conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263491.", }, ], id: "CVE-2024-4647", lastModified: "2025-02-19T18:04:19.093", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-08T13:15:08.517", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263491", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263491", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330121", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-15 19:15
Modified
2025-02-20 21:20
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.264444 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.264444 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.333295 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.264444 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.264444 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.333295 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como crítica. Una función desconocida del archivo /view/student_due_paid.php es afectada por esta vulnerabilidad. La manipulación del argumento debido_año conduce a la inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-264444.", }, ], id: "CVE-2024-4909", lastModified: "2025-02-20T21:20:22.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-15T19:15:09.320", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264444", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264444", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333295", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333295", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-15 19:15
Modified
2025-02-20 21:05
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264441 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.264441 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.264441 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.333292 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.264441 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.264441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.333292 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264441 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Esto afecta a una parte desconocida del archivo /view/show_student1.php. La manipulación del grado del argumento conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-264441.", }, ], id: "CVE-2024-4906", lastModified: "2025-02-20T21:05:49.990", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-15T19:15:08.203", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264441", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.264441", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333292", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.264441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.264441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.333292", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_events.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro event_id.", }, ], id: "CVE-2024-33403", lastModified: "2025-03-25T17:20:53.583", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:07.873", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 19:01
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263796.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2041.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263796 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263796 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331884 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2041.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263796 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263796 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331884 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263796.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como problemática. Una función desconocida del archivo /model/delete_student_grade_subject.php es afectada por esta vulnerabilidad. La manipulación del índice de argumentos conduce a Cross Site Scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263796.", }, ], id: "CVE-2024-4718", lastModified: "2025-02-19T19:01:40.007", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:31.130", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2041.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263796", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263796", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2041.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263796", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263796", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331884", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 18:15
Modified
2025-03-25 17:20
Severity ?
Summary
A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/add_student_first_paid.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro index.", }, ], id: "CVE-2024-33404", lastModified: "2025-03-25T17:20:48.000", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T18:15:07.927", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 07:15
Modified
2025-03-01 01:48
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265991.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265991 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265991 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.339816 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265991 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265991 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.339816 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/unread_msg.php. The manipulation of the argument my_index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265991.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Este problema afecta un procesamiento desconocido del archivo /view/unread_msg.php. La manipulación del argumento my_index conduce a la inyección de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-265991.", }, ], id: "CVE-2024-5240", lastModified: "2025-03-01T01:48:00.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-23T07:15:09.987", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265991", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265991", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2030.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265991", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265991", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.339816", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:58
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/all_teacher.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263791.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2036.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263791 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263791 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331879 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2036.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263791 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263791 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331879 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/all_teacher.php. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263791.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/all_teacher.php es afectada por esta vulnerabilidad. La manipulación de la página de argumentos conduce a Cross Site Scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263791.", }, ], id: "CVE-2024-4713", lastModified: "2025-02-19T18:58:23.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:28.047", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2036.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263791", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263791", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2036.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263791", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263791", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331879", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:14
Severity ?
Summary
A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_timetable.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33808", lastModified: "2025-03-25T17:14:01.137", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.757", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2020.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/all_events1.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro mes.", }, ], id: "CVE-2024-34930", lastModified: "2025-03-25T17:19:53.680", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:29.830", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/update_subject.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro de nombre.", }, ], id: "CVE-2024-34931", lastModified: "2025-03-25T17:19:50.320", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:29.930", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2024.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-08 14:15
Modified
2025-02-19 18:09
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263496 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263496 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.330126 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263496 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263496 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.330126 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/show_teacher2.php es afectada por esta vulnerabilidad. La manipulación del argumento mes conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263496.", }, ], id: "CVE-2024-4652", lastModified: "2025-02-19T18:09:24.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-08T14:15:09.780", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263496", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263496", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263496", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263496", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330126", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-23 17:15
Modified
2025-03-25 17:20
Severity ?
Summary
A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/update_classroom.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro de nombre.", }, ], id: "CVE-2024-34927", lastModified: "2025-03-25T17:20:04.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-23T17:15:29.373", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-20 02:15
Modified
2025-02-21 20:09
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/student_payment_invoice1.php. The manipulation of the argument date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265101 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265101 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265101 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338515 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265101 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265101 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338515 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/student_payment_invoice1.php. The manipulation of the argument date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265101 was assigned to this vulnerability.", }, { lang: "es", value: " Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como crítica. Esto afecta a una parte desconocida del archivo /view/student_paid_invoice1.php. La manipulación del argumento date conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-265101.", }, ], id: "CVE-2024-5111", lastModified: "2025-02-21T20:09:47.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T02:15:09.367", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265101", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265101", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338515", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2016.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.265101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338515", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:19
Severity ?
Summary
A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_teacher.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33799", lastModified: "2025-03-25T17:19:16.673", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:15.937", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-08 13:15
Modified
2025-02-19 18:04
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263490 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263490 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.330120 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263490 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263490 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.330120 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como problemática. Una función desconocida del archivo /view/student_paid_details.php es afectada por esta vulnerabilidad. La manipulación del índice de argumentos conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263490 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4646", lastModified: "2025-02-19T18:04:41.253", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-08T13:15:08.307", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263490", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263490", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2015.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330120", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-08 14:15
Modified
2025-02-19 18:03
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263493 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263493 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.330123 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263493 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263493 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.330123 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esto afecta a una parte desconocida del archivo /view/student_exam_mark_insert_form1.php. La manipulación de la página de argumentos conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263493.", }, ], id: "CVE-2024-4649", lastModified: "2025-02-19T18:03:44.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-08T14:15:09.107", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263493", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263493", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2018.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.330123", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 06:15
Modified
2025-02-19 18:04
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263130 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263130 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329773 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263130 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263130 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329773 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido clasificada como problemática. Una función desconocida del archivo /view/student_paid_details2.php es afectada por esta vulnerabilidad. La manipulación del índice de argumentos conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263130 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4527", lastModified: "2025-02-19T18:04:59.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T06:15:08.497", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263130", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263130", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263130", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263130", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329773", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 02:15
Modified
2025-02-19 17:53
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263119 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263119 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329696 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263119 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263119 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329696 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/timetable_grade_wise.php es afectada por esta vulnerabilidad. La manipulación de la calificación del argumento conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263119.", }, ], id: "CVE-2024-4515", lastModified: "2025-02-19T17:53:22.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T02:15:07.633", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263119", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263119", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329696", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263119", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329696", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 04:15
Modified
2025-02-19 18:00
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263123 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263123 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329700 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263123 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263123 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329700 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido calificado como problemático. Este problema afecta un procesamiento desconocido del archivo /view/teacher_salary_details3.php. La manipulación del argumento mes conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-263123.", }, ], id: "CVE-2024-4519", lastModified: "2025-02-19T18:00:57.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T04:15:07.997", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263123", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263123", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329700", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:38
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/exam_timetable.php. The manipulation of the argument exam leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263626 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2032.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263626 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263626 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331775 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2032.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263626 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263626 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331775 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/exam_timetable.php. The manipulation of the argument exam leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263626 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se encontró una vulnerabilidad en Campcodes Complete Web-Based School Management System 1.0. Ha sido declarada problemática. Esta vulnerabilidad afecta a un código desconocido del archivo /view/exam_timetable.php. La manipulación del examen de argumentos conduce a Cross Site Scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263626 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4685", lastModified: "2025-02-19T18:38:59.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:22.953", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2032.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263626", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263626", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2032.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331775", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:06
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/range_grade_text.php. The manipulation of the argument count leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263597 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263597 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263597 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331313 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263597 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263597 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331313 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/range_grade_text.php. The manipulation of the argument count leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263597 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Este problema afecta un procesamiento desconocido del archivo /view/range_grade_text.php. La manipulación del recuento de argumentos conduce a Cross Site Scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263597.", }, ], id: "CVE-2024-4676", lastModified: "2025-02-19T18:06:43.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:18.460", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263597", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263597", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2026.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263597", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263597", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331313", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 05:15
Modified
2025-02-19 18:01
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263125 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263125 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329768 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263125 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263125 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329768 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/teacher_salary_details.php es afectada por esta vulnerabilidad. La manipulación del índice de argumentos conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-263125.", }, ], id: "CVE-2024-4522", lastModified: "2025-02-19T18:01:42.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T05:15:06.807", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263125", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263125", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329768", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%209.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329768", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-20 03:15
Modified
2025-02-21 21:10
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265104.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.265104 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.265104 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.338518 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.265104 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.265104 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.338518 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265104.", }, { lang: "es", value: " Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /view/teacher_attendance_history1.php es afectada por esta vulnerabilidad. La manipulación del argumento index conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-265104.", }, ], id: "CVE-2024-5114", lastModified: "2025-02-21T21:10:08.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-20T03:15:09.167", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265104", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265104", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338518", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2019.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.265104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.265104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.338518", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-20 20:55
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument category leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263800.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263800 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263800 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331888 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263800 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263800 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331888 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument category leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263800.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Esta vulnerabilidad afecta a un código desconocido del archivo index.php. La manipulación de la categoría de argumento conduce a Cross Site Scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263800.", }, ], id: "CVE-2024-4722", lastModified: "2025-02-20T20:55:46.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:33.743", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263800", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263800", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331888", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263800", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263800", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331888", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 05:15
Modified
2025-02-19 18:01
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263124 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263124 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.329767 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263124 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263124 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.329767 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124.", }, { lang: "es", value: "Una vulnerabilidad ha sido encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/teacher_salary_details2.php es afectada por esta vulnerabilidad. La manipulación del índice de argumentos conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-263124.", }, ], id: "CVE-2024-4521", lastModified: "2025-02-19T18:01:20.563", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-06T05:15:06.447", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263124", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263124", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329767", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.263124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.329767", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-28 16:15
Modified
2025-03-25 17:18
Severity ?
Summary
A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.", }, { lang: "es", value: "Una vulnerabilidad de inyección SQL en /model/get_exam.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id.", }, ], id: "CVE-2024-33803", lastModified: "2025-03-25T17:18:56.470", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-28T16:15:16.413", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 15:44
Modified
2025-02-19 18:08
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/show_student_grade_subject.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263594 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.263594 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.263594 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.331308 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.263594 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.263594 | Permissions Required, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?submit.331308 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| campcodes | complete_web-based_school_management_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "3B428FEE-6202-4945-8D0F-4E4734D573EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/show_student_grade_subject.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263594 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Campcodes Complete Web-Based School Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /view/show_student_grade_subject.php es afectada por esta vulnerabilidad. La manipulación del argumento id conduce a Cross Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-263594 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-4673", lastModified: "2025-02-19T18:08:06.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-05-14T15:44:16.617", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263594", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263594", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2023.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.263594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?id.263594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.331308", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }