ByteOS Network

NVD Vulnerability Details :

CVE-2024-4906

Analyzed

Source-cna@vuldb.com

Published At-15 May, 2024 | 19:15

Updated At-20 Feb, 2025 | 21:05

A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264441 was assigned to this vulnerability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

CampCodes

>>complete_web-based_school_management_system>>1.0

cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-89	Secondary	cna@vuldb.com

CWE ID: CWE-89

Type: Secondary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf	cna@vuldb.com	Exploit
https://vuldb.com/?ctiid.264441	cna@vuldb.com	Permissions Required VDB Entry
https://vuldb.com/?id.264441	cna@vuldb.com	Permissions Required VDB Entry
https://vuldb.com/?submit.333292	cna@vuldb.com	Third Party Advisory VDB Entry
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://vuldb.com/?ctiid.264441	af854a3a-2127-422b-91ae-364da2661108	Permissions Required VDB Entry
https://vuldb.com/?id.264441	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://vuldb.com/?submit.333292	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry