CVE-2024-7221

A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. This affects an unknown part of the file /admin/manage_user.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
oretnom23school_log_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/topsky979/1e98c4d1a3ba1ed73aab46d360c1c4b8
https://vuldb.com/?ctiid.272792
https://vuldb.com/?id.272792
https://vuldb.com/?submit.380428
https://gist.github.com/topsky979/1e98c4d1a3ba1ed73aab46d360c1c4b8
https://vuldb.com/?ctiid.272792
https://vuldb.com/?id.272792
https://vuldb.com/?submit.380428