CVE-2024-7220

EUVD-2024-48187
A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
oretnom23school_log_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/topsky979/5cd0b6a43815a0615b8493cde5c4dacf
https://vuldb.com/?ctiid.272791
https://vuldb.com/?id.272791
https://vuldb.com/?submit.380427
https://gist.github.com/topsky979/5cd0b6a43815a0615b8493cde5c4dacf
https://vuldb.com/?ctiid.272791
https://vuldb.com/?id.272791
https://vuldb.com/?submit.380427