Lucene search

TMLVULNRICHMENT:CVE-2024-28094

HistoryMar 07, 2024 - 3:14 a.m.

CVE-2024-28094 Blind SQL Injection in Chat functionality in Schoolbox

2024-03-0703:14:25

CWE-89

TML

github.com

blind sql injection

schoolbox

chat functionality

cve-2024-28094

database records

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Chat functionality in Schoolbox application before
version 23.1.3 is vulnerable to blind SQL Injection enabling the
authenticated attackers to read, modify, and delete database records.

References

schoolbox.education/

www.themissinglink.com.au/security-advisories/cve-2024-28094

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-28094