Vulnerabilites related to fabian - online_class_and_exam_scheduling_system
Vulnerability from fkie_nvd
Published
2022-08-08 13:15
Modified
2024-12-12 15:58
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.205830 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.205830 | Permissions Required, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fabian | online_class_and_exam_scheduling_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "6816A95B-5961-49BE-9638-D735C9286FD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester Online Class and Exam Scheduling System versión 1.0. Está afectada una función desconocida del archivo /pages/class_sched.php. La manipulación del argumento class con la entrada \"||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1)),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||\" conlleva a una inyección sql. Es posible lanzar el ataque de forma remota. La explotación ha sido divulgada al público y puede ser usada. VDB-205830 es el identificador asignado a esta vulnerabilidad", }, ], id: "CVE-2022-2706", lastModified: "2024-12-12T15:58:17.447", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-08T13:15:08.707", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?id.205830", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://vuldb.com/?id.205830", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-08 13:15
Modified
2024-12-12 15:58
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.205831 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.205831 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fabian | online_class_and_exam_scheduling_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "6816A95B-5961-49BE-9638-D735C9286FD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester Online Class and Exam Scheduling System versión 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /pages/faculty_sched.php. La manipulación del argumento facultad con la entrada \" OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1)),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM conlleva a una inyección sql. El ataque puede ser lanzado de forma remota. La explotación ha sido divulgada al público y puede ser usada. El identificador asociado a esta vulnerabilidad es VDB-205831", }, ], id: "CVE-2022-2707", lastModified: "2024-12-12T15:58:17.447", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-08T13:15:08.770", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.205831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.205831", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 01:40
Modified
2024-12-12 17:35
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://code-projects.org/ | Product | |
| cna@vuldb.com | https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.287868 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.287868 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.459081 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fabian | online_class_and_exam_scheduling_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "6816A95B-5961-49BE-9638-D735C9286FD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Online Class and Exam Scheduling System 1.0. Se ve afectada una función desconocida del archivo /pages/rank_update.php. La manipulación del argumento id provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.", }, ], id: "CVE-2024-12486", lastModified: "2024-12-12T17:35:29.930", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-12-12T01:40:30.120", references: [ { source: "cna@vuldb.com", tags: [ "Product", ], url: "https://code-projects.org/", }, { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.287868", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.287868", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.459081", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 01:40
Modified
2024-12-12 17:36
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://code-projects.org/ | Product | |
| cna@vuldb.com | https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.287869 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.287869 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.459083 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fabian | online_class_and_exam_scheduling_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "6816A95B-5961-49BE-9638-D735C9286FD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad en code-projects Online Class and Exam Scheduling System 1.0 y se ha clasificado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /pages/room_update.php. La manipulación del argumento id conduce a una inyección SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.", }, ], id: "CVE-2024-12487", lastModified: "2024-12-12T17:36:03.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-12-12T01:40:30.270", references: [ { source: "cna@vuldb.com", tags: [ "Product", ], url: "https://code-projects.org/", }, { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.287869", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.287869", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.459083", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 01:40
Modified
2024-12-12 17:38
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://code-projects.org/ | Product | |
| cna@vuldb.com | https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.287871 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.287871 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.459113 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fabian | online_class_and_exam_scheduling_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "6816A95B-5961-49BE-9638-D735C9286FD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad en code-projects Online Class and Exam Scheduling System 1.0. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo /pages/term.php. La manipulación del argumento id provoca una inyección SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.", }, ], id: "CVE-2024-12489", lastModified: "2024-12-12T17:38:15.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-12-12T01:40:30.560", references: [ { source: "cna@vuldb.com", tags: [ "Product", ], url: "https://code-projects.org/", }, { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.287871", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.287871", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.459113", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 01:40
Modified
2024-12-12 17:34
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://code-projects.org/ | Product | |
| cna@vuldb.com | https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.287867 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.287867 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.459077 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fabian | online_class_and_exam_scheduling_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "6816A95B-5961-49BE-9638-D735C9286FD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad, que se ha clasificado como crítica, en code-projects Online Class and Exam Scheduling System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /pages/department.php. La manipulación del argumento id conduce a una inyección SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.", }, ], id: "CVE-2024-12485", lastModified: "2024-12-12T17:34:50.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-12-12T01:40:29.920", references: [ { source: "cna@vuldb.com", tags: [ "Product", ], url: "https://code-projects.org/", }, { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", "VDB Entry", ], url: "https://vuldb.com/?ctiid.287867", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.287867", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.459077", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-12 01:40
Modified
2024-12-12 17:37
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://code-projects.org/ | Product | |
| cna@vuldb.com | https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.287870 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.287870 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.459097 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fabian | online_class_and_exam_scheduling_system | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*", matchCriteriaId: "6816A95B-5961-49BE-9638-D735C9286FD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "es", value: "Se encontró una vulnerabilidad en code-projects Online Class and Exam Scheduling System 1.0 y se clasificó como crítica. Este problema afecta a algunas funciones desconocidas del archivo /pages/subject_update.php. La manipulación del argumento id conduce a una inyección SQL. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al público y puede utilizarse.", }, ], id: "CVE-2024-12488", lastModified: "2024-12-12T17:37:05.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-12-12T01:40:30.413", references: [ { source: "cna@vuldb.com", tags: [ "Product", ], url: "https://code-projects.org/", }, { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", ], url: "https://vuldb.com/?ctiid.287870", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?id.287870", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://vuldb.com/?submit.459097", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-89", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
cve-2024-12489
Vulnerability from cvelistv5
Published
2024-12-11 22:00
Modified
2024-12-12 16:39
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.287871 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.287871 | signature, permissions-required | |
| https://vuldb.com/?submit.459113 | third-party-advisory | |
| https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx | exploit | |
| https://code-projects.org/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| code-projects | Online Class and Exam Scheduling System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12489", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T16:25:42.841896Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T16:39:32.736Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Online Class and Exam Scheduling System", vendor: "code-projects", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "T123 (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "de", value: "Es wurde eine Schwachstelle in code-projects Online Class and Exam Scheduling System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /pages/term.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "SQL Injection", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-74", description: "Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T22:00:12.704Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-287871 | code-projects Online Class and Exam Scheduling System term.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.287871", }, { name: "VDB-287871 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.287871", }, { name: "Submit #459113 | code-projects Online Class and Exam Scheduling System 11 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.459113", }, { tags: [ "exploit", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx", }, { tags: [ "product", ], url: "https://code-projects.org/", }, ], timeline: [ { lang: "en", time: "2024-12-11T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-12-11T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-12-11T13:59:52.000Z", value: "VulDB entry last update", }, ], title: "code-projects Online Class and Exam Scheduling System term.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-12489", datePublished: "2024-12-11T22:00:12.704Z", dateReserved: "2024-12-11T12:54:36.197Z", dateUpdated: "2024-12-12T16:39:32.736Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2706
Vulnerability from cvelistv5
Published
2022-08-08 12:50
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md | x_refsource_MISC | |
| https://vuldb.com/?id.205830 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Class and Exam Scheduling System |
Version: 1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:46:03.638Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://vuldb.com/?id.205830", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Online Class and Exam Scheduling System", vendor: "SourceCodester", versions: [ { status: "affected", version: "1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-08T12:50:36", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { tags: [ "x_refsource_MISC", ], url: "https://vuldb.com/?id.205830", }, ], title: "SourceCodester Online Class and Exam Scheduling System class_sched.php sql injection", x_generator: "vuldb.com", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@vuldb.com", ID: "CVE-2022-2706", REQUESTER: "cna@vuldb.com", STATE: "PUBLIC", TITLE: "SourceCodester Online Class and Exam Scheduling System class_sched.php sql injection", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Online Class and Exam Scheduling System", version: { version_data: [ { version_value: "1.0", }, ], }, }, ], }, vendor_name: "SourceCodester", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability.", }, ], }, generator: "vuldb.com", impact: { cvss: { baseScore: "6.3", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-89 SQL Injection", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", refsource: "MISC", url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { name: "https://vuldb.com/?id.205830", refsource: "MISC", url: "https://vuldb.com/?id.205830", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2022-2706", datePublished: "2022-08-08T12:50:37", dateReserved: "2022-08-07T00:00:00", dateUpdated: "2024-08-03T00:46:03.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12485
Vulnerability from cvelistv5
Published
2024-12-11 20:31
Modified
2024-12-12 14:12
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.287867 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.287867 | signature, permissions-required | |
| https://vuldb.com/?submit.459077 | third-party-advisory | |
| https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx | exploit | |
| https://code-projects.org/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| code-projects | Online Class and Exam Scheduling System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12485", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T14:11:56.057177Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T14:12:04.596Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Online Class and Exam Scheduling System", vendor: "code-projects", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "T123 (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "de", value: "Eine Schwachstelle wurde in code-projects Online Class and Exam Scheduling System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /pages/department.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "SQL Injection", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-74", description: "Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T20:31:05.271Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-287867 | code-projects Online Class and Exam Scheduling System department.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.287867", }, { name: "VDB-287867 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.287867", }, { name: "Submit #459077 | code-projects Online Class and Exam Scheduling System 11 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.459077", }, { tags: [ "exploit", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx", }, { tags: [ "product", ], url: "https://code-projects.org/", }, ], timeline: [ { lang: "en", time: "2024-12-11T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-12-11T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-12-11T13:59:45.000Z", value: "VulDB entry last update", }, ], title: "code-projects Online Class and Exam Scheduling System department.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-12485", datePublished: "2024-12-11T20:31:05.271Z", dateReserved: "2024-12-11T12:54:15.867Z", dateUpdated: "2024-12-12T14:12:04.596Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12488
Vulnerability from cvelistv5
Published
2024-12-11 21:31
Modified
2024-12-12 16:33
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.287870 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.287870 | signature, permissions-required | |
| https://vuldb.com/?submit.459097 | third-party-advisory | |
| https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx | exploit, patch | |
| https://code-projects.org/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| code-projects | Online Class and Exam Scheduling System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12488", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T16:33:08.021823Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T16:33:35.612Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Online Class and Exam Scheduling System", vendor: "code-projects", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "T123 (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "de", value: "Eine Schwachstelle wurde in code-projects Online Class and Exam Scheduling System 1.0 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /pages/subject_update.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "SQL Injection", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-74", description: "Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T21:31:05.125Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-287870 | code-projects Online Class and Exam Scheduling System subject_update.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.287870", }, { name: "VDB-287870 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.287870", }, { name: "Submit #459097 | code-projects Online Class and Exam Scheduling System 11 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.459097", }, { tags: [ "exploit", "patch", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx", }, { tags: [ "product", ], url: "https://code-projects.org/", }, ], timeline: [ { lang: "en", time: "2024-12-11T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-12-11T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-12-11T13:59:50.000Z", value: "VulDB entry last update", }, ], title: "code-projects Online Class and Exam Scheduling System subject_update.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-12488", datePublished: "2024-12-11T21:31:05.125Z", dateReserved: "2024-12-11T12:54:32.883Z", dateUpdated: "2024-12-12T16:33:35.612Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12487
Vulnerability from cvelistv5
Published
2024-12-11 21:00
Modified
2024-12-12 14:03
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.287869 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.287869 | signature, permissions-required | |
| https://vuldb.com/?submit.459083 | third-party-advisory | |
| https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx | exploit, patch | |
| https://code-projects.org/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| code-projects | Online Class and Exam Scheduling System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12487", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T14:03:44.761420Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T14:03:53.134Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Online Class and Exam Scheduling System", vendor: "code-projects", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "T123 (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "de", value: "In code-projects Online Class and Exam Scheduling System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /pages/room_update.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "SQL Injection", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-74", description: "Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T21:00:15.807Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-287869 | code-projects Online Class and Exam Scheduling System room_update.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.287869", }, { name: "VDB-287869 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.287869", }, { name: "Submit #459083 | code-projects Online Class and Exam Scheduling System 11 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.459083", }, { tags: [ "exploit", "patch", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx", }, { tags: [ "product", ], url: "https://code-projects.org/", }, ], timeline: [ { lang: "en", time: "2024-12-11T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-12-11T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-12-11T13:59:49.000Z", value: "VulDB entry last update", }, ], title: "code-projects Online Class and Exam Scheduling System room_update.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-12487", datePublished: "2024-12-11T21:00:15.807Z", dateReserved: "2024-12-11T12:54:23.399Z", dateUpdated: "2024-12-12T14:03:53.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2707
Vulnerability from cvelistv5
Published
2022-08-08 12:50
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md | x_refsource_MISC | |
| https://vuldb.com/?id.205831 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Class and Exam Scheduling System |
Version: 1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:46:04.056Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://vuldb.com/?id.205831", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Online Class and Exam Scheduling System", vendor: "SourceCodester", versions: [ { status: "affected", version: "1.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 SQL Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-08T12:50:42", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { tags: [ "x_refsource_MISC", ], url: "https://vuldb.com/?id.205831", }, ], title: "SourceCodester Online Class and Exam Scheduling System faculty_sched.php sql injection", x_generator: "vuldb.com", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@vuldb.com", ID: "CVE-2022-2707", REQUESTER: "cna@vuldb.com", STATE: "PUBLIC", TITLE: "SourceCodester Online Class and Exam Scheduling System faculty_sched.php sql injection", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Online Class and Exam Scheduling System", version: { version_data: [ { version_value: "1.0", }, ], }, }, ], }, vendor_name: "SourceCodester", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with the input ' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831.", }, ], }, generator: "vuldb.com", impact: { cvss: { baseScore: "6.3", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-89 SQL Injection", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", refsource: "MISC", url: "https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md", }, { name: "https://vuldb.com/?id.205831", refsource: "MISC", url: "https://vuldb.com/?id.205831", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2022-2707", datePublished: "2022-08-08T12:50:42", dateReserved: "2022-08-07T00:00:00", dateUpdated: "2024-08-03T00:46:04.056Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12486
Vulnerability from cvelistv5
Published
2024-12-11 20:31
Modified
2024-12-12 14:10
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.287868 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.287868 | signature, permissions-required | |
| https://vuldb.com/?submit.459081 | third-party-advisory | |
| https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx | exploit, patch | |
| https://code-projects.org/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| code-projects | Online Class and Exam Scheduling System |
Version: 1.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12486", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T14:10:24.363488Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T14:10:32.158Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Online Class and Exam Scheduling System", vendor: "code-projects", versions: [ { status: "affected", version: "1.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "T123 (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "de", value: "Es wurde eine Schwachstelle in code-projects Online Class and Exam Scheduling System 1.0 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /pages/rank_update.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 6.5, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "SQL Injection", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-74", description: "Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-11T20:31:07.068Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-287868 | code-projects Online Class and Exam Scheduling System rank_update.php sql injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.287868", }, { name: "VDB-287868 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.287868", }, { name: "Submit #459081 | code-projects Online Class and Exam Scheduling System 11 SQL Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.459081", }, { tags: [ "exploit", "patch", ], url: "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx", }, { tags: [ "product", ], url: "https://code-projects.org/", }, ], timeline: [ { lang: "en", time: "2024-12-11T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-12-11T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-12-11T13:59:47.000Z", value: "VulDB entry last update", }, ], title: "code-projects Online Class and Exam Scheduling System rank_update.php sql injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-12486", datePublished: "2024-12-11T20:31:07.068Z", dateReserved: "2024-12-11T12:54:20.414Z", dateUpdated: "2024-12-12T14:10:32.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }