Lucene search

INCIBECVELIST:CVE-2024-4824

HistoryMay 13, 2024 - 11:29 a.m.

CVE-2024-4824 SQL Injection in School ERP Pro+Responsive by AROX SOLUTION

2024-05-1311:29:37

CWE-89

INCIBE

www.cve.org

cve-2024

vulnerability

school erp pro+responsive 1.0

sql injection

arox solution

remote attacker

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the ‘/SchoolERP/office_admin/’ index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "School ERP Pro+Responsive",
    "vendor": "AROX SOLUTION",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-school-erp-proresponsive-arox-solution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-4824