A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page
References
Configurations
History
30 Aug 2024, 16:02
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/SQL%20Injection%20-%20Admin.pdf - Exploit, Third Party Advisory | |
References | () https://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code - Product | |
First Time |
Lopalopa responsive School Management System
Lopalopa |
|
CPE | cpe:2.3:a:lopalopa:responsive_school_management_system:3.2.0:*:*:*:*:*:*:* |
29 Aug 2024, 13:25
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Aug 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-89 |
28 Aug 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-28 18:15
Updated : 2024-08-30 16:02
NVD link : CVE-2024-41236
Mitre link : CVE-2024-41236
CVE.ORG link : CVE-2024-41236
JSON object : View
Products Affected
lopalopa
- responsive_school_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')